• Incident Response Analyst

    Job ID
    NL-Amsterdam Zuid-Oost
  • Overview

    The Incident Response Analyst supports Trend Micro efforts to provide incident response and analytic capabilities for technical support cases submitted to Trend Micro, as well as for the Managed Detection and Response Operations. The Incident Response Analyst has technical knowledge and experience performing incident response and network monitoring, and has performed related malware analysis. The Incident Response Analyst should be a strong leader with the ability to perform multiple types of analysis roles independently or in cooperation with a Security Operations Center, including providing mitigation recommendations. Finally, the Incident Response Analyst shall at times deliver senior-level briefings that address cases or ongoing investigations.

    The Responsibilities

    • Oversee all incident response, from detection to incident resolution.
    • Serve as a contact point for suspicious and malicious events escalated by technical support cases, as well as from the Managed Detection and Response Operations.
    • Perform host- and network-level analysis to support ongoing investigations through incident response.
    • Review and analyze technical components of malware and other related threat activities while developing and refining detection criteria.
    • Review security events and data sources to develop and refine detection criteria, as well as generate threat intelligence.
    • Must be willing and able to travel, when necessary.
    • Occasional evenings and weekends may be required.
    • Must be able to work 'on call' for incident response.

    You Are

    • 3+ years of experience in a full-time security position, preferably working in IR and threat detection
    • Expert use of Trend Micro tools, products or technology to manage incidents and perform incident investigations
    • At least a bachelor’s degree in a related field, or 3 years of experience in lieu of a degree
    • Willing to travel as required to respond to an incident (less than 10% travel)
    • Willing to work on-call or off hours as needed to respond to an incident

    You Have

    • Familiarity with Trend Micro products and technology, such as VSAPI, Behavioral Monitoring, Web/Email Reputation or the Connected Threat Defense strategy
    • Expert analysis experience or administrator-level knowledge of Windows, Mac, or Linux systems
    • Experience with log analysis, event correlation and incident management procedures and systems, as well as knowledge of host and network log sources and how to apply them to investigation and IR methodology
    • Previous experience with malware analysis, digital forensics techniques and various commercial and open source tools is a plus, such as (but not limited to) memory (winpmem) and disk (dd, dcfldd) acquisition tools, FTK Imager, SIFT Workstation, Volatility Framework, Wireshark, Bro/SiLK, and NetFlow
    • Aptitude for learning, self-direction, and the ability to work in a fast-paced operations environment
    • Strong ability to communicate orally and in writing with internal and external stakeholders
    • Strong ability to interface between multiple departments, with strong customer service skills
