Security Operations Engineer

Bangalore, Karnataka, India

Job Description

About Ferguson
Ferguson is the largest value-added distributor serving the specialized professional in the residential and non-residential North American construction market. We help make our customers' complex projects simple, successful and sustainable by providing expertise and a wide range of products and services from plumbing, HVAC, appliances, and lighting solutions to pipe, valves and fittings, water and wastewater solutions, and more. Headquartered in Newport News, Virginia, Ferguson has sales of $29.6 billion (fiscal year '24) and approximately 35,000 associates in nearly 1,800 locations.
ANSR is the market leader in enabling organizations to build, manage and scale global teams through Global Capability Centers (GCCs). ANSR's full-stack GCC platform, comprising end-to-end AI-enabled products and services, is trusted by the world's best companies to help them set up, manage, and run their high-impact technology centers. Since its inception, ANSR has established over 125 GCCs, aggregating to over 125k enterprise talent, with over $2B in investment and using over 12M sq ft of workspace.
Visit ansr.com for more information.

Duties and Responsibilities:

  • Conduct initial triage and review of security incidents from internal and external sources to assess root cause, impact, and remediation steps.
  • Handle incoming calls during evening shifts, routing non-security incidents to relevant teams per defined processes.
  • Collaborate with the Cyber Threat Prevention Team to improve processes, drive automation, and support "shift-left" initiatives.
  • Escalate incidents to L2 analysts based on established runbooks and procedures.
  • Monitor and ensure service availability and reliability across all security offerings.
  • Identify opportunities for detection rule tuning based on observed alert patterns and assist in improving operations runbooks.
  • Partner with the Automation team to automate response runbooks and enhance operational efficiency.
  • Maintain strong working relationships with IT, Security, third-party vendors, and business collaborators.
  • Ensure proper maintenance, monitoring, automation, and response procedures to meet security and availability objectives.
  • Adhere to ITIL and other operational processes for quality execution.
  • Provide input on technology selection and participate in relevant training sessions to enhance security technology skills.
  • Follow all policies, rules, and regulations, and perform additional duties as requested by management.
  • Availability to work holidays and weekends as per shift assignments.
Qualifications and Requirements:
  • 0-3 years of experience in incident response, ideally within a Security Operations Center (SOC), with hands-on experience in monitoring security alerts, performing initial triage, and analyzing incidents.
  • Certifications such as Security Blue Team Level 1 (BTL1), CompTIA CySA+, or CompTIA Security+ are desirable but not required.
  • Associate's degree or equivalent experience in Cybersecurity, Computer Science, Information Technology, or a related field is preferred.
  • Experience with Azure Sentinel and KQL (Kusto Query Language) is a plus.
  • Basic understanding of incident response processes, common attack vectors, and threat types.
  • Familiarity with SIEM tools (such as Splunk, Azure Sentinel) for monitoring security events and performing basic log analysis to identify potential threats.
  • Ability to recognize and analyze basic Indicators of Compromise (IOCs) in network and endpoint logs.
  • Solid attention to detail and vigilance when reviewing logs and alerts to identify security incidents.
  • Ability to quickly learn and adapt to new security tools, processes, and technologies.
  • Skilled in performing initial incident triage, determining incident severity, and escalating to Tier 2 analysts when necessary.
  • Proficient in analyzing security event data, raising alerts, and effectively communicating findings to senior analysts and other teams.
  • Solid understanding of the MITRE ATT&CK framework and its application in identifying and categorizing threats.
  • Ability to safely contain, collect, and handle malware during an incident response.
  • Strong organizational skills with the ability to prioritize tasks and manage time effectively in a fast-paced environment.
  • Proficient in Microsoft Office Suite (Outlook, Word, Excel, PowerPoint) for documentation and communication.
  • Effective verbal and written communication skills for incident reporting, alerting senior analysts, and collaborating with multi-functional teams.
  • Ability to work within multi-functional teams and support incident escalation and resolution.
  • Strong problem-solving and logical reasoning abilities to investigate security incidents and determine appropriate responses.
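As an added illustration of the triage skills this posting asks for (recognising IOCs in endpoint and network logs, mapping findings to MITRE ATT&CK, scoring severity and deciding on Tier 2 escalation), and not part of the original job description or of any Ferguson or ANSR tooling, the script below runs a minimal triage pass over constructed log lines. The log lines, hostnames, IOC values (the SHA-256 is simply sha256("test"), the IP is from the TEST-NET-3 documentation range), the endpoint-plus-network correlation rule and the escalation threshold are all hypothetical; only the ATT&CK technique IDs are real.

```python
"""Constructed SOC triage example: match log lines against an IOC set, map
hits to MITRE ATT&CK, roll severity up per host and flag Tier 2 escalation.
Everything except the ATT&CK IDs is made up for illustration."""
import base64
import re
from dataclasses import dataclass

# Hypothetical IOC set (not real threat intelligence).
IOCS = {
    "ip": {"203.0.113.45"},                      # TEST-NET-3, documentation range
    "domain": {"update-check.example.net"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Real ATT&CK technique IDs, assigned by a simple per-IOC-type heuristic.
TECHNIQUE = {
    "ip": ("T1071.001", "Application Layer Protocol: Web Protocols"),
    "domain": ("T1071.001", "Application Layer Protocol: Web Protocols"),
    "sha256": ("T1105", "Ingress Tool Transfer"),
    "powershell": ("T1059.001", "Command and Scripting Interpreter: PowerShell"),
}

SEVERITY = {"low": 1, "medium": 2, "high": 3}
ESCALATE_AT = "high"   # hypothetical runbook threshold for Tier 2 hand-off

# Constructed key=value log lines; two hosts, only WS-0042 touches any IOC.
LOGS = r"""
ts=2024-05-01T02:14:07Z src=endpoint host=WS-0042 event=process image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd="powershell -enc SQBFAFgA" sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
ts=2024-05-01T02:14:09Z src=network host=WS-0042 event=dns query=update-check.example.net
ts=2024-05-01T02:14:10Z src=network host=WS-0042 event=conn dst=203.0.113.45 dport=443
ts=2024-05-01T02:20:00Z src=endpoint host=WS-0017 event=process image=C:\Windows\notepad.exe sha256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
ts=2024-05-01T02:21:00Z src=network host=WS-0017 event=conn dst=198.51.100.7 dport=443
"""

@dataclass
class Finding:
    line_no: int
    host: str
    source: str        # "endpoint" or "network"
    kind: str          # ip / domain / sha256 / powershell
    value: str
    technique: tuple
    severity: str

def parse_line(line):
    """Parse one key=value log line into a dict; quoted values keep spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def decode_encoded_powershell(cmd):
    """Return the UTF-16LE payload behind -e/-enc/-encodedcommand, or None."""
    m = re.search(r'-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)', cmd, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def triage(log_text, iocs=IOCS):
    """Match lines against IOCs, then summarise severity and escalation per host."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        ev = parse_line(line)
        host, src = ev.get("host", "?"), ev.get("src", "?")
        for key, kind in (("dst", "ip"), ("query", "domain"), ("sha256", "sha256")):
            if ev.get(key) in iocs[kind]:
                sev = "high" if kind == "sha256" else "medium"
                findings.append(Finding(n, host, src, kind, ev[key], TECHNIQUE[kind], sev))
        decoded = decode_encoded_powershell(ev.get("cmd", ""))
        if decoded is not None:
            findings.append(Finding(n, host, src, "powershell", decoded,
                                    TECHNIQUE["powershell"], "medium"))
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    summary = {}
    for host, fs in by_host.items():
        sev = max((f.severity for f in fs), key=SEVERITY.__getitem__)
        # Hypothetical correlation rule: endpoint and network evidence on the
        # same host in one batch is treated as a likely intrusion, not a lone alert.
        if {f.source for f in fs} >= {"endpoint", "network"}:
            sev = "high"
        summary[host] = {
            "severity": sev,
            "escalate": SEVERITY[sev] >= SEVERITY[ESCALATE_AT],
            "techniques": sorted({f.technique[0] for f in fs}),
            "findings": fs,
        }
    return summary

if __name__ == "__main__":
    for host, info in triage(LOGS).items():
        print(host, info["severity"], "escalate" if info["escalate"] else "monitor",
              ", ".join(info["techniques"]))
```

In a real SOC the IOC set would come from a threat intelligence feed and the log lines from the SIEM (in Sentinel, the equivalent matching is a KQL join against a watchlist); the point here is the shape of the decision an L1 analyst makes: evidence, technique, severity, escalate or not.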



Job Detail

  • Job Id
    JD3898762
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bangalore, Karnataka, India
  • Education
    Not mentioned
  • Experience
    Year