Cyber Security Operations / Incident Response Analyst

Rally Health

(Washington, District of Columbia)
Full Time
Job Posting Details
About Rally Health
Rally Health, Inc. helps people take an active role in their health care. We use clinical data, customized recommendations, and continual rewards to help consumers make positive lifestyle choices and navigate every touchpoint of the health care continuum. With offices in Washington, D.C., San Francisco, and Chicago, Rally Health features an executive team that has been working to transform the industry since 2010.
Summary
Rally Health seeks a Cyber Security Operations / Incident Response Analyst with strong technical skills, and sound written and verbal communication skills. Specialist will maintain the Alert Logic platform(s) and provide ongoing breach detection, incident response, and administrative services for Infosec Tools and applications. Specialist will also provide regular written status reports and detailed investigation reports for all incidents.
Responsibilities
* Maintain constant monitoring of intrusion detection systems
* Create technically detailed reports based on intrusions and events
* Provide assistance in incident investigations
* Coordinate with other teams to remediate detected incidents
* Analyze and evaluate anomalous network and system activity
* Recommend modifications to security tools to detect, prevent, and mitigate intrusions
* Recommend mitigation activities and provide after-action reports to remediate vulnerabilities and reduce the chance of further exploitation
* Administer security-related tools and systems that have elevated access
* Assist in general administration of InfoSec tools and applications
* Perform live response data collection and analysis on hosts of interest in an investigation
* Collate and analyze relevant events from host and network device log files
Ideal Candidate
**Qualifications:**
* Experience analyzing reports generated from SIEM tools
* Understanding of packet capture (PCAP) analysis and network flow data review
* Experience with security tools such as Alert Logic, TippingPoint IPS, Sophos, Sourcefire IDS/IPS, FireEye, and/or Splunk
* One or more years' experience in a hands-on technical role as a network forensics analyst, malware analyst, or incident responder

**Additional Qualifications:**
* HS degree required; higher degree strongly desired
* One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE, or equivalent certifications in these areas
* Expertise in analysis of TCP/IP network communication protocols
* Experience with a scripting language such as Perl, Python, or another scripting language in an incident handling environment
* Experience with malware analysis and reverse engineering
* Experience conducting analysis of electronic media, packet captures, log data, and network devices in support of intrusion analysis or enterprise-level information security operations
