Senior Incident Response Analyst

Security | United States

  • Remote
  • United States
  • Security
  • Full-time

About Ancestry:

When you join Ancestry, you join a human-centered company where every person’s story is important. We believe that by discovering the struggles and triumphs of our past, we can foster deeper bonds and more meaningful connections among families and communities. Our talented team of scientists, engineers, genealogists, historians, and storytellers is dedicated to empowering customers around the world from all backgrounds on their journeys of personal discovery. 

With more than 30 billion digitized global historical records, 100+ million family trees, and 20+ million people in our growing AncestryDNA database, Ancestry helps customers discover their family story and gain a new level of understanding about their lives. Passionate about dedicating your work to enriching people’s lives? You belong at Ancestry.

You will use your passion for, and expertise in, threat intelligence and incident management to keep on top of the ever-evolving threats to our systems and important data. As a very senior technical member of our incident response team, the team will look to you for strategic guidance, insight, and mentoring. To ensure your success, we provide an environment which fosters innovation, a positive team culture, and autonomy.

What you will do...

  • Be an incident response technical lead for high impact cyber security incidents
  • Evaluate events, escalations and incidents to determine remediation and resolution actions
  • Coordinate appropriate response activities across teams or directly with partners to address potential threats
  • Update playbooks to improve processes and information sharing across teams
  • Provide knowledge sharing, mentoring, and support of more junior team members
  • Work with our internal red team to test process development and effectiveness

Who you are...

  • 4+ years of experience with incident response processes and threat intelligence cycles, including understanding of IP network traffic, security vulnerabilities, different exploitation techniques, and malware behaviors (including communications protocols)
  • Experience with host and network-based protection technologies
  • Experience in computer security related disciplines, including the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, insider threat, and web-focused security topics.
  • Experience working in an industry-standard Security Operations Center or similar environment providing incident handling and response, intrusion detection, analysis, cyber threat intelligence, threat determination, and mitigation processing and tracking.
  • Experience assessing threats derived from different intake sources, including security technology alerts, user-reported tickets, and other internal SOC organizations.
  • Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.
  • Experience working with several network and system security technologies, including Elasticsearch, data analytics platforms, endpoint tools, network technologies, and SIEMs.
  • Advanced proficiency in correlation and alerting rule creation, packet analysis, encryption and obfuscation techniques, malware handling and analysis, digital forensics, indicator of compromise (IOC) management, network flow data, advanced endpoint security technologies and big-data parsing/querying.
  • Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that create them.
  • Professional experience in a technical mentor capacity.
  • Incident response experience with the major cloud computing products (AWS, Google Cloud).
  • Advanced proficiency with common scripting languages and regular expressions (regex), and in analysis of cloud, on-premises, and removable-media asset types.

Additional Information:

Ancestry is an Equal Opportunity Employer that makes employment decisions without regard to race, color, religious creed, national origin, ancestry, sex, pregnancy, sexual orientation, gender, gender identity, gender expression, age, mental or physical disability, medical condition, military or veteran status, citizenship, marital status, genetic information, or any other characteristic protected by applicable law. In addition, Ancestry will provide reasonable accommodations for qualified individuals with disabilities.

All job offers are contingent on a background check screen that complies with applicable law. For San Francisco office candidates, pursuant to the San Francisco Fair Chance Ordinance, Ancestry will consider for employment qualified applicants with arrest and conviction records.

Ancestry is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Ancestry via e-mail, the Internet, or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Ancestry. No fee will be paid in the event the candidate is hired by Ancestry as a result of the referral or through other means.