Job Information

iCIMS Principal Incident Response – WAF Analyst in Gachibowli, Hyderabad, India

Job Overview

The Principal Incident Response Analyst leads our Cybersecurity Incident Response efforts with a focus on managing and mitigating security threats associated with Web Application Firewalls (WAF) and internet-facing systems. This role demands a deep understanding of network and application-level security, as well as a proven track record in working with Threat Management Teams to prepare for, detect, and respond to cyber threats. The Principal Incident Response Analyst is expected to possess expert knowledge of intrusion detection methodologies, cyber defense strategies and the ability to analyze and prioritize incidents that could impact our internet presence and application infrastructure. They will work within the Cloud Hosting team with the position reporting through the Information Security team.

About Us

When you join iCIMS, you join the team helping global companies transform business and the world through the power of talent. Our customers do amazing things: design rocket ships, create vaccines, deliver consumer goods globally, overnight, with a smile. As the Talent Cloud company, we empower these organizations to attract, engage, hire, and advance the right talent. We’re passionate about helping companies build a diverse, winning workforce and about building our home team. We're dedicated to fostering an inclusive, purpose-driven, and innovative work environment where everyone belongs.

Responsibilities

  • Lead and enhance our security incident response efforts with a specialized focus on threats to our WAF and internet-exposed environments, ensuring robust detection, analysis, and containment of threats.

  • Collaborate closely with the Threat Management Teams to develop and refine strategies for proactive threat hunting, vulnerability management, and incident response related to our internet and WAF-protected assets.

  • Utilize advanced cyber defense tools for continuous monitoring and analysis of systems to identify malicious activity, with a particular emphasis on internet-facing applications and services.

  • Document and escalate incidents, providing comprehensive analyses of the event's history, status, and potential impact, to facilitate informed decision-making and swift response actions.

  • Analyze identified malicious activity specifically targeting web applications and internet-facing systems to determine weaknesses exploited, exploitation methods used, and the overall impact on systems and information.

  • Perform advanced event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and assess the effectiveness of observed attacks against our internet presence.

  • Conduct in-depth research, analysis, and correlation across a wide variety of all-source data sets to identify and mitigate threats specific to our web and internet infrastructure.

Qualifications

  • 6+ years of experience in information security, with a specific focus on incident response, WAF, and internet security, supplemented by an aligned educational background or relevant work experience in security operations, threat management, or a related field in information technology.

  • Expertise in security operations tools, with a preference for those related to web application firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, and cloud security services.

  • Extensive experience with the incident management process, specifically related to internet and web application threats, including responding to alerts and monitoring cloud services.

  • Deep knowledge of cyber defense, information security policies, procedures, and regulations, with an emphasis on internet and application-level security.

  • Advanced understanding of servers, networking, operating systems, databases, and cloud services (AWS, Azure, or GCP), with a focus on their application and implications in internet-facing environments.

  • Additional experience with similar security operations tools: logging systems, intrusion detection/prevention systems (IDS/IPS), anti-virus, SIEM, vulnerability management tools, DLP, endpoint protection, CASB, etc.

Preferred

  • BA/BS in computer-related field or relevant work experience

  • Advanced security certifications from CompTIA, CEH, and a major cloud service provider (AWS, Azure, GCP), or any related security designation, especially those focusing on web application and internet security.

EEO Statement

iCIMS is a place where everyone belongs. We celebrate diversity and are committed to creating an inclusive environment for all employees. Our approach helps us to build a winning team that represents a variety of backgrounds, perspectives, and abilities. So, regardless of how your diversity expresses itself, you can find a home here at iCIMS.

We are proud to be an equal opportunity and affirmative action employer. We prohibit discrimination and harassment of any kind based on race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, gender expression, age, veteran status, genetic information, disability, or other applicable legally protected characteristics. If you would like to request an accommodation due to a disability, please contact us at careers@icims.com.

Compensation and Benefits

Competitive health and wellness benefits include medical, dental, vision, 401(k), dependent care, short term and long term disability, life and AD&D insurance, bonding and parental leave, mindfulness resources, an open vacation policy, sick days, paid holidays, quiet hours each workday, and tuition reimbursement. Benefits and eligibility may vary by location, role, and tenure. Learn more here: https://careers.icims.com/benefits
