Infosec Incident Responder

Job Description

Responsibilities

We have all the exciting ingredients and challenges that a global Company can offer in the modern Security Incident Response domain, across the threat landscape, technology, operations and intelligence.

You will have a significant level of autonomy and ownership of the Cyber Security Incident Response domain in the Company.

Your main responsibilities will be:
• Lead, steer and oversee the technical response to advanced cyber security incidents, when triaged, investigated and escalated by the global SOC
• Act as highest level of technical escalation for security incidents identified by Managed SOC Provider Analysts and Incident Responders
• Establish priority and urgency on a wide spectrum of potential incidents and advise the appropriate response
• Conduct investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IoCs)
• Lead the Intelligence-Driven Hypothesis-Based Threat Hunting initiative and cultivate the hunt lifecycle across our massive global IT estate
• Advise on the development of SOC runbooks and procedures through constant feedback and advising on the iterative improvement
• Advise on the automation and orchestration playbooks and, working closely with our InfoSec SOAR and ITSM Engineering
• Advise on the security data collection and analytics, working closely with our InfoSec Platform Engineering and Architecture, SIEM, NDR and EDR included
• Advise on Threat Detection and Threat Intelligence strategy to ensure a comprehensive and relevant coverage across the MITRE ATT&CK Matrix and potential threat actors targeting the Company
• Collaborate and advise the Business Owners to contain and resolve security incidents within broad IT domains across the Company
• Advise on the security posture improvements within the post-incident activities to take our cyber resiliency to the next level
• Maintain incident reporting and communication strategy with senior InfoSec and Company Business Leadership

Preferred Qualifications

We are looking for a ''full package'' seasoned Cyber Security Incident Response professional, with a demonstrated track record in the industry. Thus, we expect you to have a broad experience in analyzing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of cybersecurity incidents.

We expect intimate familiarity with the craft of collecting and analyzing security incident related data to identify indicators of attack and compromise.

An ideal Candidate would have a passion for learning new technologies, collaborating with other experts to find solutions, and have a calm and positive attitude with a sense of humor in the neverending battle against the evolving threats.
• 4-6 years of experience with increasing responsibilities within a Security Operations Center / CERT / CIRT / CSIRT / MDR environments
• Comfortable familiarity with all aspects of the modern Incident Response lifecycle
• Good understanding of the threats faced by direct to consumer and digital platform organizations
• Hands-on technical experience with application security topics such as the OWASP top 10
• Hands-on technical experience with SIEM & logging tools (Splunk, Kibana, Qradar) and the ability to extract actionable intelligence from large volume aggregated log storage
• Hands-on technical experience with SOAR Platforms and the concepts of runbooks and automation
• Knowledge and appreciation of MITRE ATT&CK Matrix and its practical applications
• Solid knowledge of TCP/IP networking and protocols.
• Hands-on technical experience with public cloud infrastructure and concepts, specifically cloud-native security tools
• Working knowledge of network and content security systems such NGFW, Proxy, Email Security, Routing and Switching
• Familiarity with Identity Access Management and SSO brokers
• Hands on technical experience with open source and commercial proprietary threat intel tools for intelligence gathering
• SANS GIAC Incident Response certifications (GSEC, GCIH, GCIA, GCFA, GREM) are a substantial plus
• Other high-end cybersecurity and IT certifications are a plus
• Solid time management and organizational skills
• Solid communication and presentation skills

Jobcode: Reference SBJ-d5z97z-3-146-37-35-42 in your application.