Incident Response Analyst Team Lead

About Us  Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services.  Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers.  Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job” but rather look to develop valuable skills that ignite their passion and lead to a CAREER.  If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!  Position Overview  With a growing client base, Thrive is expanding its security team. We are looking for an experienced Incident Response Analyst Team Lead to join our Cyber Security Incident Response Team. This pivotal role involves leading incident response efforts, mentoring analysts, and continuously improving our customers' security posture by preventing, detecting, analyzing, and responding to cybersecurity incidents using cutting-edge technology and robust processes.  The ideal candidate will bring a blend of leadership, deep technical expertise, and a passion for incident response and forensics. They will play a key role in handling high-priority incidents, refining incident response processes, and mentoring team members to ensure operational excellence.  Primary Responsibilities  Provide mentorship, coaching, and guidance to SOC Analysts and Incident Response Analyst  Foster collaboration across teams to enhance threat intelligence sharing and operational efficiency  Act as a point of escalation for complex investigations and high-priority incidents  Lead incident response and threat hunting efforts for confirmed high-priority security incidents, ensuring resolution and documentation  Investigate intrusion attempts, differentiate false positives from actual threats, and perform in-depth analysis of exploits  Proactively monitor and respond to emerging threats using advanced tools and methodologies  Conduct forensic analysis, including memory and disk imaging, to identify evidence of compromise and attacker activity  Collect, preserve, and analyze digital evidence to support investigations and potential legal actions  Utilize forensic tools to uncover artifacts such as deleted files, malware remnants, and network traces  Develop and maintain incident response playbooks, ensuring alignment with the overall security strategy  Conduct regular reviews and updates of playbooks to address evolving threats and technologies  Participate in tabletop exercises to validate and refine playbooks and incident response procedures  Analyze SOC, SIEM, and EDR platform data to identify and escalate potential threats.  Collaborate with cross-functional teams to implement security best practices for internal and external clients  Ensure adherence to Thrive’s security standards while recommending future enhancements to tools and workflows  Utilize threat intelligence to identify potential security risks and proactively mitigate them  Stay current on emerging threats, vulnerabilities, and adversarial tactics, techniques, and procedures (TTPs)  Qualifications  Required Skills and Experience  Demonstrated experience in incident handling, escalation management, or leading high-priority incident investigations  Demonstrated expertise in best security practices and incident response methodologies.  Advanced knowledge of:  Security Information and Event Management (SIEM) tools  Networking (TCP/IP, routing, and switching)  IDS/IPS, penetration testing, and vulnerability assessments  Windows, UNIX, and Linux operating systems  Network protocols and packet analysis tools  Endpoint Detection and Response (EDR), antivirus, and anti-malware tools  Content filtering and email/web gateways  Hands-on experience in forensics, malware analysis, and intrusion detection  Familiarity with industry frameworks such as MITRE ATT&CK and the Cyber Kill Chain  Proven ability to communicate complex security issues to clients, peers, and management  Strong analytical, problem-solving, and decision-making skills  Adaptability to rapidly evolving situations and technologies  Ability to participate in an on-call rotation for high-priority incidents  Preferred Skills  Knowledge of common system calls and APIs for Windows and Linux/Unix environments  Experience with programming languages relevant to security analysis and automation  Understanding of internal file structures commonly associated with malware  Experience in detection engineering and creating high-fidelity detection rules  Advanced cloud security knowledge and expertise in investigating cloud-based intrusions  Desired Certifications  Computer Hacking Forensic Investigator (CHFI)  GIAC Certified Forensic Analyst (GCFA)  GIAC Certified Forensic Examiner (GCFE)  Certified Incident Handler (GCIH)  Powered by JazzHR