Senior Cyber Security Incident Responder

About the position

Responsibilities

• Work with senior management to develop and maintain CSIRT process and practice documents
• Lead CSIRT service transition and serve as a trusted advisor to manage customer expectations
• Review incident response activities and documentation efforts of the support team and provide feedback as necessary
• Provide or arrange for necessary training for the support team on CSIRT methods and/or security tooling used in the client environment
• Receive and monitor incident information from Verizon managed security services and other sources
• Oversee creation of Threat Intel Reports for security threats that might impact the client environment or have interest to the client
• Review the collected incident data and confirm or reject incidents based on the analysis
• Classify and prioritize incidents based on established criteria
• Facilitate communication between stakeholders of the status of the incidents with weekly and/or monthly meetings and reports
• Coordinate at least annual Table Top Exercises for the team and client security team training needs
• Coordinate the containment effort based on the available information and established processes
• Make containment decisions and facilitate decision making by other parties using established escalation process
• Communicate with the affected users and stakeholders to organize the containment effort
• Verify the effectiveness of containment actions taken
• Identify the attack vector of used by incident and confirm take actions to confirm that similar incidents are prevented in the future
• Validate the effectiveness of the eradication actions
• Coordinate forensics and law enforcement activities with officials if necessary
• Coordinate the recovery actions; confirm that the recovery effort was successful; and confirm that all temporary containment efforts have been removed
• Update stakeholders on the status of the recovery effort
• Conduct a root cause analysis for Critical or High incidents
• Communicate the results of the root cause analysis to Customer and stakeholders to prevent similar incidents in the future
• Analyze the incident response effort, with feedback from Customer and third parties. Identify and analyze any mistakes as well as good decisions done during response process
• Use the results of the analysis as an input for improvements, such as incident response process changes or changes in security monitoring

Requirements

• Bachelor's degree or four or more years of work experience
• Four or more years of relevant work experience
• Relevant work experience in: a cybersecurity capacity, responding to cybersecurity incidents, triaging, and/or investigating cybersecurity incidents

Nice-to-haves

• Bachelor's degree or Master's degree in Computer Science, Cyber Security or related technical or business field
• Strong background in CSIRT and SIEM technologies
• Splunk experience and certification
• Proven background using various EDR tools like Carbon Black, Crowdstrike or Tanium
• Strong communication skills and ability to engage with customers at both technical and executive levels
• Clear and concise written and oral communication, including the ability to produce professional-level documentation
• Strong problem-solving and security analytics skills; able to identify gaps in processes and recommend improvements for mitigation
• Strong leadership skills and a proactive approach to customer issues with background leading a remote team
• Ability to excel in high pressure environments
• SANS or other Security Certifications, such as GCIA, GCIH, GCFE, GREM, GPEN, CEH
• CISSP Certification
• CISM Certification
• ITIL Foundations training / Certification
• Significant experience with how to structure and operate an efficient Incident Response process
• Knowledge of common types of malware, their infection vectors, how to identify them using network and host based tools, how to eradicate them and verify the success of eradication efforts
• Knowledge of current security threats and vulnerabilities, how to detect and mitigate them, ability to understand their possible consequences on the customer's environment
• Understanding of modern technologies used to detect malware and vulnerabilities and protect assets
• Understanding of modern network and cloud technologies

Apply tot his job Apply To this Job