Cybersecurity Analyst 3 - Incident Response (Hybrid)

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.

Job Description

The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.
The SOC Analyst - 3 is responsible for advanced incident response, threat hunting, and maintaining the security tools that are used to secure our environment. This individual will have a specific focus on Incident Response, tuning detection rule-sets, and generating and responding to tickets across relevant IT and Cybersecurity teams.

Essential Duties and Responsibilities:

• Act as an active member of the team, which monitors and process responses for security events on a 24x7 basis to include serving in a rotational on-call capacity.
• IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms.
• Proactively monitor SIEM, EDR, and network based alerts, and respond to active threats to internal networks.
• Advise incident responders in the steps to take to investigate and resolve computer security incidents.
• Actively preform detection, monitoring, analysis, and resolution of security incidents.
• Plan and implement regular incident response and postmortem exercises, with a focus on crafting measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Review and analyze cyber threats and provide SME support and training to junior level security analysts.
• Transform threat intelligence into effective detection logic and new signatures for integration with SIEM and EDR platforms.
• Evaluate existing detection rules and facilitate the development and tuning of AV, EDR, and SIEM rules to ensure high fidelity alerting.
• Communication with management as required, keeping leaders informed of incident progress, notifying of impending changes or agreed outages.
• Prioritize their own work to provide a positive customer experience.
• Participation in security incident handling efforts in response to a detected incident.
• Must maintain awareness of trends in security regulatory, technology, and operational requirements.

Additional Duties and Responsibilities:

• Some domestic and/or international travel (up to 25%) may be required.
• Ability to communicate clearly with other team members in a hybrid environment.
• Generate reports from different data sources and present to management when requested.

Preferred Qualifications:

• Bachelor's Degree or equivalent experience in an Information Security/related IT field.
• Relevant security related certification(s) a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.
• Thorough understanding of threat hunting models, as well as cyber threat intelligence, including TTPs and IoCs extraction and mapping.

Minimum Qualifications

• 3+ years of related experience in cybersecurity or related technologies such as: firewalls/AV/EDR/IPS/IDS/SIEM systems.
• 3+ experience working in or with a Security Operations Center (SOC) in an Incident Responder role.
• Strong working knowledge of common security appliances including: EDR, SIEM, AV, scanners, proxies, WAF, Netflow, IDS and forensics tools
• Proficiency in Operating Systems (Windows and Linux).
• Ability to multi-task, adapt to changes quickly and handle heavy ticket volumes.
• Technical awareness: ability to match resources to technical issues appropriately.
• Ambitious and able to work in a fast-moving environment.
• Great written and verbal communication skills in English.

We offer a competitive, family friendly total rewards package. We design our programs to reflect our commitment to an inclusive environment, while ensuring we provide benefits that meet the diverse needs of our employees.

KLA is proud to be an equal opportunity employer

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees.  KLA never asks for any financial compensation to be considered for an interview, to become an employee, or for equipment. Further, KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLA’s Careers website for legitimate job postings.  KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers.  If you are concerned that a communication, an interview, an offer of employment, or that an employee is not legitimate, please send an email to [email protected] to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.