KLA Careers

Analyst, Incident Response 2

This job posting is no longer active

Company Overview

Calling the adventurers ready to join a company that's pushing the limits of nanotechnology to keep the digital revolution rolling. At KLA, we're making technology advancements that are bigger—and tinier—than the world has ever seen.

Who are we?  We research, develop, and manufacture the world's most advanced inspection and measurement equipment for the semiconductor and nanoelectronics industries. We enable the digital age by pushing the boundaries of technology, creating tools capable of finding defects smaller than a wavelength of visible light. We create smarter processes so that technology leaders can manufacture high-performance chips—the kind in that phone in your pocket, the tablet on your desk and nearly every electronic device you own—faster and better. We're passionate about creating solutions that drive progress and help people do what wouldn't be possible without us.  The future is calling. Will you answer?


The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.


The Cybersecurity SOC Analyst is responsible for first level monitoring and maintaining the security tools that are used to secure our network and infrastructure. This individual will be responsible for generating and responding to tickets from our SIEM tools and escalating when appropriate to relevant IT and Cybersecurity personnel. Qualified candidates should have exposure to network security assets (Firewalls/AV/IPS/IDS/SIEM). Strong communications skills, both written and verbal, are integral to success for this position.

Essential Duties and Responsibilities:

  • Coordination of tickets between multiple teams to ensure completion.
  • Pre-process service requests as they arrive through email, manual entry, or direct business input.
  • Schedule internal Vulnerability Scans though our SIEM & EVM tools.
  • Monitor service requests to ensure prompt action and completion.
  • Communication with CISO as required: keeping informed of incident progress, notifying of impending changes or agreed outages.
  • IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms.
  • Create and track investigations to resolution.
  • Compose security alert notifications.
  • Advise incident responders in the steps to take to investigate and resolve computer security incidents.
  • Detection, monitoring, analysis, and resolution of security incidents.
  • Must be able to perform network, application, and log intrusion detection.
  • Participation in security incident handling efforts in response to a detected incident.
  • Must be able to maintain awareness of trends in security regulatory, technology, and operational requirements.

Additional Duties and Responsibilities:

  • Fast turnaround of service requests.
  • Ability to work in a team and communicate effectively.
  • Track tickets as they route through other teams.
  • Escalate service requests to appropriate resources.
  • Generate reports from different data sources – create tickets when appropriate.
  • Enter all work as service tickets into ServiceNow.




  • Pursuit or completion of entry level Security related certification (CISSP or CEH, etc.).
  • Computer, infrastructure (full tech stack) and operating system knowledge.
  • Interpersonal skills: such as telephony skills, communication skills and active listening skills.
  • Ability to multi-task, adapt to changes quickly and handle heavy ticket volumes.
  • Technical awareness: ability to match resources to technical issues appropriately.
  • Understanding of support tools, techniques, and how technology is used to provide Cybersecurity services.
  • Self-motivated with the ability to work in a fast-moving environment.
  • Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages.
  • Knowledge of the NIST CSF, 800-171 and 800-53, CIS Top 20. 
  • Knowledge of confidentiality, integrity, and availability principles.
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS and directory services.
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

Minimum Qualifications

Equal Employment Opportunity

KLA is an Equal Opportunity Employer. Applicants will be considered for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristics protected by applicable law.

Related Careers