Security Incident Response Analyst

Reporting Location: Klang - Bukit Raja
Workplace Type: Hybrid

About Us
Morgan Street Holdings is a privately owned enterprise with a diverse portfolio of operating companies, including HAVI Supply Chain, tms, Stanley and Continental. Our operating companies offer best-in-class sourcing and supply chain capabilities, brand-defining marketing and promotion services, innovative consumer products, and dining and refreshment food solutions.
Morgan Street Holdings employs over 10,000 people and serves 300+ customers across the globe.


Why Work Here?
At Morgan Street Holdings, we are proud to make moments that matter every day for our people and our customers. We do this by living the Morgan Street Holdings values:
•    Do What’s Right
•    Respect and Value All
•    Think Big Together
•    Elevate our Customers and People


Our commitment goes beyond the written word; we bring these values to life every day, lighting our path and shaping our decisions and actions with unwavering purpose. Join us in experiencing the true essence of Morgan Street Holdings where our values are not just written, but lived.
We support our people with competitive pay, benefits, and flexibility, and strongly emphasize a growth mindset for achieving personal and career growth while at Morgan Street Holdings.

Job Summary

This position serves as an escalation resource for an externally managed SOC service that operates the enterprise SIEM and SOAR. The analyst will learn the HAVI lines of business and participate in decisions to isolate endpoints based on operational risk. They will support business leaders and IT process owners in implementing technical controls and provide support for Governance, Risk, and Compliance (GRC) initiatives in the region.

A successful Security Incident Response Analyst will leverage their understanding of modern threat actors and MITRE ATT&CK tactics, techniques, and procedures (TTPs) to reduce the mean time to respond to and recover from security incidents. They will also rely on excellent communication skills to coordinate between the managed security services and internal technology leaders across the Morgan Street companies. Additionally, the Security Incident Response Analyst will support the Offensive Security Practice in scoping external penetration tests and help prioritize remediation of findings from those tests. This role would be a good fit for a SOC Tier 3 analyst looking to pivot to defensive cyber operations without daily responsibility for live monitoring.


Primary Accountabilities

•    Assist in the development of SIEM rules and SOAR automations.
•    Perform root cause analysis for EDR detections.
•    Support incident response investigations in the Preparation, Identification, and Recovery phases by modernizing runbooks, identifying indicators of compromise (IOCs), building attacker timelines, and coordinating recovery efforts.
•    Work with managed threat hunting services to enhance detection engineering.
•    Contribute to tabletop exercise (TTX) development and delivery.
•    Validate technical controls to ensure regulatory and customer requirements are met.
•    Evaluate potential security solutions and services to determine their effectiveness.
•    Support other security operations functions as required, including vulnerability remediation guidance and local approvals for routine security exemptions.
•    Collaborate with Security team members across the globe and provide direct support for the Governance, Risk, and Compliance security leader in the region.

Qualifications

•    3-5 years of experience performing SOC monitoring and incident response
•    2+ years as a Tier 3 SOC analyst
•    Awareness of security standards and frameworks, such as the ISO/IEC 27000 series, NIST SP 800-53, ISF SOGP, CIS Critical Security Controls, etc.
•    Knowledge of and experience with most of the following:

  •    SIEM (Google Chronicle)
  •    SOAR (Google Chronicle)
  •    EDR (SentinelOne)
  •    MITRE ATT&CK

Strongly Desired
•    Security+ or equivalent; GSEC, GCIH, or an equivalent incident response certification
•    Strong preference for GCIH or GICSP
•    CISSP or a similar Governance, Risk, and Compliance certification
•    IT operations experience, including network management, server operations, cloud administration, etc.