Global Cybersecurity Incident Response Analyst

JOB DESCRIPTION
Join the dynamic global Cybersecurity Incident Response Team (CSIRT) team at UL Solutions as a Global Cybersecurity Incident Response Analyst, where you will play a critical part in defending our organization against cyber threats. In this role you will triage cybersecurity incidents according to our Incident Response Plan, assist with investigations using forensic analysis and critical thinking, and document facts and findings for evidence and reporting. Through collaboration with cross-functional teams you will contribute to process improvement opportunities by developing new knowledge base articles and IR playbooks to support the Global Cybersecurity Operations team. Additionally, you'll assist in evaluating IR metrics and identifying lessons learned during the response lifecycle for reporting to key stakeholders and senior leadership to drive strategic improvements. If you thrive in a fast-paced, dynamic environment, and are passionate about cybersecurity, we want to hear from you!
RESPONSIBILITIES

• Investigate and triage cybersecurity incidents as assigned in ServiceNow platform according documented the Cybersecurity Incident Response process.
• Communicate with UL associates across the organization to gather information and evidence required to investigate cybersecurity incidents.
• Take assignment of incident tickets and determine appropriate course of action, including escalation to senior team members or management where appropriate.
• Document cybersecurity incident details and incident timeline in accordance with documented Cybersecurity Incident Response Team standards.
• Collaborate with Cybersecurity Incident stakeholders to identify opportunities for process improvement and/or implementation of controls to prevent the recurrence of incidents.
• Identify and communicate cybersecurity risks during the incident response process to the Cyber Risk Team and Organizational stakeholders.
• Perform Digital Forensics Incident Response triage on Windows, Linux, and macOS hosts as required to investigate incidents using EDR and forensic tooling.
• Create IR playbooks and technical documentation as needed to drive process improvement and knowledge management.
• Assist the Cybersecurity Team with the capture of cybersecurity incident performance metrics using data analytics with ServiceNow.
• Assist team with monthly status reporting of deliverables, milestones, and notable achievements for greater Cybersecurity Team all-hands meetings.
• Assist Compliance and Audit teams with information requests to support regulatory and compliance audits.

QUALIFICATIONS

• Possess 1-3 years of working as a SOC Analyst, Cyber Incident Responder, or IT Incident Management role.
• Have experience with Wireshark, Zimmerman Tools, Autopsy, Kali Linux.
• Have experience working in a large enterprise company across various geographic regions and time zones.
• Strong written and verbal skills, and ability to present technical topics to a non-technical audience.
• Experience creating technical documentation and knowledge base (kb) articles as needed to drive process improvement and knowledge management.
• Be able to work independently or with minimal supervision to complete work.
• Have familiarity with project management, with ability to manage multiple tasks required related to project work.
• Experience using an EDR tool (Crowdstrike, Carbon Black, Microsoft Defender) is preferred.
• Experience using a Security Information Event Manager (SIEM) Solution (Splunk, SumoLogic, Sentinel, ELK) a plus.
• Experience using the ServiceNow CRM platform is a plus.
• Familiarity with Windows PowerShell scripting language is preferred. Python experience is a plus.
• Should be familiar with Active Directory fundamentals. Familiarity with RSAT PowerShell tools a plus.
• Experience with Microsoft EntraID and M365 Security and administrative fundamentals a plus.
• Familiarity with Windows PowerShell scripting language is preferred. Python experience is a plus.
• Should be familiar with Active Directory fundamentals. Familiarity with RSAT PowerShell tools a plus.
• Experience with Microsoft EntraID and M365 Security and administrative fundamentals a plus.

Preferred Certifications:
The preferred candidate should have a bachelor's degree or commensurate experience.
The preferred candidate will have a CompTIA Security+ or CompTIA Network+ certification.
SANS Certificate is preferred (GCIH, GCFA, GSEC, GCIA, GPEN)
Specialized Skills Required:

• Working cybersecurity incidents and supporting the team with tasking on incidents of larger scope
• Proficiency with Digital Forensics Incident Response tools and techniques
• Creating and documenting IR playbooks to support the IR program.
• Assisting with monthly reporting for team meetings and performance metrics

Total Rewards:
We understand compensation is an important factor as you consider the next step in your career. The estimated salary range for this position is $90,000 to $105,000 and is based on multiple factors, including job-related knowledge/skills, experience, geographical location, as well as other factors. This position is eligible for annual bonus compensation with a target payout of 10% of the base salary. This position also provides health benefits such as medical, dental and vision; wellness benefits such as mental and financial health; and retirement savings (401K) commensurate with the standard rewards offered in each individual location or country. We also provide full-time employees with paid time off including vacation (15 days), holiday including floating holidays (12 days) and sick time off (72 hours).
#LI-SG2
#LI-Hybrid
ABOUT US
A global leader in applied safety science, UL Solutions (NYSE: ULS) transforms safety, security and sustainability challenges into opportunities for customers in more than 110 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers' product innovation and business growth. The UL Mark serves as a recognized symbol of trust in our customers' products and reflects an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage.