About the role
Kroll’s Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our client’s data, people, operations and reputation with innovative assessments, investigations and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience.
Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.
This Senior Analyst role will be an integral member of the Threat Hunting and Incident Response leadership for the Security Operation Centre. They will help identify, implement and document appropriate methodologies and provide instruction to more junior members of the SOC team in delivering these areas to customers.
At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll.
Duties and Responsibilities
- Carry out in-depth investigation on security events, raise incidents and support the Incident Management process.
- Provide remote incident response activities and advice to support customers during and immediately after security incidents.
- Respond to system generated alerts, analyse logs and traffic patterns.
- Maintain and improve SIEM correlation rules and Endpoint Protection detections.
- Supporting multiple customer environments concurrently.
- Provide analysis and trending of security log data and network traffic.
- Generate customer facing security reports.
- Integrate and share information with other analysts and other teams.
- Other duties as assigned.
- A passion for security and enjoys solving problems.
- Experience working with SIEM and EDR systems.
- Good knowledge of Cyber Security Incident Response processes & procedures.
- Excellent knowledge on the fundamentals of Windows and Unix systems.
- Good understanding of host forensics, memory forensics and network forensics.
- In-depth knowledge of the security threat landscape.
- Knowledge of various security methodologies and processes, and technical security solutions.
- Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
- Knowledge of investigation techniques to determine security incidents.
- Ability to multi-task, prioritize, and manage time effectively.
- Strong attention to detail.
- Excellent interpersonal skills and professional demeanor.
- Excellent verbal and written communication skills.
- Excellent customer service skills.
- Industry standard certifications such as: CREST CRT, CREST CCT, OSCP, GCFA, GNFA, GREM.
- 3+ years’ or more of experience as a Cyber Security Analyst or equivalent.
- Bachelor's degree in related field or equivalent experience and knowledge
- Prior experience actively using endpoint threat detection and response (EDR) products to investigate threats such as VMWare Carbon Black, Windows Defender ATP, CrowdStrike Falcon, Sentinel One, Trend Micro XDR, Tanium, or others.