Senior Incident Response Analyst

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.

Our most valuable asset is our people.

At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and

make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Incident Response Analyst

The Senior Incident Response Analyst will be in our Merchandise Mart, IL office, and be primarily responsible for working with Incident Response and Security Operations team. The successful candidate will be responsible for identifying, analyzing, and responding to security incidents across our global environment.

The position requires in-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. This individual would be expected to coordinate with extended Information Technology team on a regular basis. The candidate will operate in high-pressure situations, provide tactical response to critical threats, and ensure timely communication and tracking of all response activities. This role would also require understanding and experience in working on security for cloud services (AWS, Azure, GCP and/or other cloud solutions).

What you'll do:

• Act as an escalation point for complex or high-priority security events.
• Perform technical analysis of multiple sources of data, including network flows/packet data, host forensic artifacts, and application/system logs
• Make automation a mindset of the team to improve response, analysis, quality, and workload efficiency.
• Recognize opportunities to integrate Artificial Intelligence into their workflows, and who stay ahead of emerging tools and techniques to improve speed and accuracy in incident response.
• Build a strong understanding of the ZS landscape to recognize urgency, impact, and map out correlations of different threats.
• Coordinate response efforts across multiple teams, ensuring efficient execution and proper documentation of actions.
• Track and drive action items through resolution; ensure thorough documentation in ticketing and IR tracking systems.
• Lead incident communications, providing clear, concise updates to stakeholders including executive leadership.
• Collaborate with Security Operations, legal, and business units to assess impact and containment strategies.
• Maintain and improve incident response playbooks and procedures based on lessons learned.
• Contribute to tabletop exercises, purple teaming and post-incident reviews.
• Create reports, dashboards and metrics for Incident Response operations and present to senior management.

Availability

• The individual is expected to work in 8-hour shifts between 10 AM and 7 PM CT. Shifts may be adjusted during critical incidents, candidates should be willing and comfortable to extend their hours until 9 PM as needed.

What you'll bring:

• Bachelor’s degree in computer science, Information Security, or a related field
• 3 - 5 years of experience in SOC with at least 1 year experience in handling security incident response
• Fair understanding about Health Care and Professional services industry

• Strong expertise working with Microsoft Sentinel, Wiz.
• Recognized as a subject matter expert in IR with a deep understanding of real-world APT tactics, techniques, and procedures. Must be able to quickly determine if cases are criminal, commodity malware, or advanced persistent cases and chart the course of the team’s response as appropriate for each type of case
• Demonstrated history of working in IR teams to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases
• Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale
• High level of knowledge of various security methodologies, processes and technical security solutions.
• Strong knowledge of Firewalls/NGFW; IDS/IPS
• Strong knowledge of Next Generation AV tools (like CrowdStrike, Cylance or any NGAV/EDR); Encryption tools (like Symantec PGP, MBAM, etc.); Application Whitelisting and DLP tools.
• Strong Knowledge in Industry standard VAPT tools like Tenable Nessus, Rapid7 and opensource tools.
• Knowledge of open-source security monitoring tools.
• Expertise in working with various monitoring tools (like Athena, HP Open View, Nagios, SolarWinds, etc.).
• Understanding and experience working with cloud security services (AWS, Azure, GCP; others a plus)
• Collaborating with a team to have strong research and highly analytical skills, especially with respect to event classification, event correlation, and root cause analysis.
• Must possess excellent communication, problem-solving, critical thinking and organizational skills.
• Must have strong presentation skills.
• Ability to clearly present technical approaches or findings in oral and written format.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Experience with LLMs, scripting for automation, or AI-enhanced security analytics is highly desirable.

Preferred Certifications:

It is desired that the individual may hold two or more of the following certifications. Having hands-on experience without certifications can be considered based on the candidate’s proficiency in the domain.

• Security+, Comptia Cyber Security Analyst (CySA+), GCLD, GCIH, Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Azure Security Engineer Associate, AWS Certified Cloud Practitioner, AWS Certified Security – Specialty,
• CISSP or CISM (nice to have)
• GIAC Certified Forensic Analyst (GCFA) (nice to have)
  

Perks & Benefits:

ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member.

We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel:

Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying?

At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above.

ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application:

Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.

NO AGENCY CALLS, PLEASE.

Find Out More At:

www.zs.com

#LI-SR4