Incident Response/Threat Intelligence job – Dell – Remote

Intelligence Analyst Jobs


SRC-IR Group

SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and developing solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat.

In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and is headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts and readers’ polls, and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.

Role Overview

The Incident Response/Threat Intelligence Intake Consultant is a fast-paced technical consulting role that is the first interaction many clients have with SecureWorks when they seek assistance for cyber incident response, cyber incident preparedness services, and threat intelligence services. A seasoned professional with excellent client interaction skills and appropriate technical knowledge will be successful in this role, focusing on demonstrating excellent client service through facilitating conference calls with prospects and clients to determine the type and scope of the computer security incident they’re experiencing.

It is critical to the contracting and delivery processes that we obtain correct and thorough technical information about the client environment and current incident, as well as proper project scope with aligned expectations between SecureWorks and the Prospect or Client. This role also provides initial triage instructions to the prospect/client on how to preserve artifacts and initiate standard information gathering activities before transitioning to a service delivery team. This role will also help triage and coordinate Threat Intelligence enrichment service requests.

As part of the above described responsibilities, this role will coordinate between stakeholders to include the prospect or client, service delivery specialists, and account executives in order to determine a course of action for incoming service requests. The incumbent will monitor several communication channels, answer inbound telephone calls, address client emails, triage service requests, and coordinate the scheduling of teleconference calls to discuss potential service delivery events. Additional duties include, but are not limited to, assisting clients with standard technical issue resolution, updating client records within CRM and ticketing systems, escalating issues on the client’s behalf to service delivery specialists, and performing routine technical tasks related to the intake and routing of the services that a client receives.

This position may require flexible work hours to provide coverage across multiple US time zones.

This position does not require travel. This position is a remote position.

Role Responsibilities:

Work with Prospects and Clients to rapidly assess Cyber Security Incidents and Incident Response/Threat Intelligence Service Requests that are escalated to SecureWorks

Rapidly assess Cyber Security Incidents, likely response plan, skillsets required to respond, and ability for SCWX to respond

Enable sales staff through confidence-inspiring interactions with Prospects and Clients, demonstrating best-in-class Incident Response Knowledge

First line of defense against project risks: legal risks, scope risks, budget risks

Manage urgent and critical interactions with all levels of prospect and client staff from Leadership to Technical Staff

Maintain professional, calming, and authoritative presence in crisis situations

Monitor several communication channels for Incoming IR and threat intelligence enrichment service requests

Take ownership of, triage, and update tracking systems for service requests

Gather contextual information from multiple sources to establish a service request course of action or respond to a standard request for information, to include threat intelligence data sets, service delivery engagements in progress, previous service delivery engagements, service delivery procedures, and service descriptions

Meet service level agreements regarding initial response time and client notification as it pertains to SecureWorks IR and TI services

Determine the appropriate contract vehicle for net new client service requests to ensure contractual coverage and funding for the service request

Liaise with practice leaders, team leads, and account executives to schedule the appropriate personnel to join teleconference calls with prospects and clients seeking IR and TI services

Facilitate communications with prospects, clients, account executives, and service delivery specialists to assess scope, objectives, and required skillsets for IR and TI enrichment service requests at the “pre-sales” stage or “pre-delivery” stage of potential service requests

Provide instructions in written and oral formats to prospects and clients for media handling and artifact collection that are required for IR and TI enrichment service requests

Provide internal stakeholders the necessary information for decision support and situational awareness on service request intake activities

Document all communications with clients and intradepartmental constituents related to outstanding service requests in order to escalate to the next level and track intake activities.

Route service requests to the proper service delivery team with the appropriate level of urgency and communication channel in a professional and courteous manner with an emphasis on client satisfaction. Assess and escalate to the next level as needed

Support the development and documentation of process improvements for efficient and effective response to IR and TI service requests


Knowledge, Skills, and Abilities

Excellent technical communication skills (oral and written) including experience briefing executive management and experience in times of crisis

Theoretical and practical knowledge in the following areas:

Unix, Linux, Windows, and OSX operating systems


Exploits, vulnerabilities, intrusion vectors, and malware


Host forensics, network forensics, and malware analysis techniques


Network traffic analysis, endpoint activity analysis, and log analysis techniques


Understanding of enterprise cyber incident management and response processes


Understanding of enterprise cybersecurity controls and failure modes

Excellent organization and resource management skills

Excellent capability to prioritize multiple and concurrent urgent tasks

Excellent customer service skills and ability to quickly establish technical credibility and rapport with clients


Minimum five (5) years of experience in cybersecurity operations or as an IT/Network Security Engineer

Minimum three (3) years in a client facing support role (Security Engineer, Client Services, Consulting, Professional Services)

Professional degree relevant to cybersecurity

GCIH, GCFE, GCFA, GREM, CISSP, CISM, or similar cybersecurity technical and managerial certifications

DevOps methods and ITIL framework knowledge are a plus

Relevant law enforcement/military training and experience in cybersecurity and other industry standard certifications are a plus

Technical Sales Engineer Experience a plus

8-10 years of relevant experience or equivalent combination of education and work experience

SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages.


IT Security

Primary Location: North America-US-Remote/Field/Satellite Office


Day Job

Job Level: Individual Contributor


Security Solutions
