CYBERSECURITY INCIDENT RESPONSE - LEVEL 2

Employer active

Job location

Abu Dhabi - UAE

Monthly salary

15000

Job description

The Cyber Security Incident Response Team (CSIRT) Member conducts essential cyber security incident handling activities to defend the organization from cyberattacks through timely detection, investigation and remediation of potential threats. They are the primary contact for any suspected security incident and work together with the SOC team to resolve incidents and remediate threats.

Main tasks and responsibilities

  • Serve as the main local escalation point and work with the IR Team on security incident prioritization and management.
  • Responsible for acting on alerts, events and incidents escalated from the SOC Team.
  • Perform technical cyber security investigations on escalated security incidents to validate and implement (coordinate implementation of) recommended actions on containment/remediation/eradication of threats.
  • Perform detailed cyber security investigation on security alerts and escalated security incidents (including vCERT for Critical Incidents) to validate and implement (coordinate implementation of) recommended actions on containment/remediation/eradication of threats.
  • Serve as a Subject Matter Expert (SME) on the incident response & technical investigation lifecycle, utilizing the local security tool stack, packet captures, reports, data visualization and pattern analysis.
  • Compile a Post Incident Analysis report based on Lessons Learned from critical cybersecurity incidents and work on closing the vulnerability that led to a security incident.
  • Serve as a Cyber Security Champion, providing implementation and maintenance of security policies and threat models across an array of local security tool stack (EDR, NDR, email protection, etc.).
  • Review the vulnerability finding reports and coordinate mitigation activities
  • Provide a 360 view and in-depth analysis of past incidents, owning the deep dive and coordination to turn data into information.
  • Coordinate onboarding/troubleshooting activities with various client teams to ensure high data fidelity and continuous data stream on all Log Sources monitored.
  • Gather and continuously update the CFC systems with client contextual information and inventory of onboarded log sources.
  • Development of custom reporting to the client from the available CFC data. Provision customer support through audits.

Qualifications, Experience, Skills

  • Minimum 4 years of security experience and 5 plus years of IT experience, preferable Bachelor's Degree in Computer Science, Computer Networking or Computer Security, or equivalent
  • CISSP or CISA or CISM Certifications or equivalent
  • Advanced understanding of information security, border protection, incident handling & response, endpoint protection & encryption
  • Strong understanding of computer science: algorithms, data structures, databases, operating systems, networks and tool development
  • Able to evaluate current people, processes, technology and business drivers to improve the SOC service.
  • Network infrastructure knowledge; advanced knowledge of TCP/IP and Internet protocols.
  • Experience with network packet and NetFlow analysis. In-depth knowledge of infrastructure and operating systems.
  • Policy and Standards Incident Management Prioritization Technologies Security Testing Monitoring IT Change Infrastructure Application
  • Understanding and experience using various security related exploits and tools
  • Strong ability to communicate, write clearly and speak authoritatively to different audiences
  • Advanced knowledge in: firewalls, VPN, intrusion detection and prevention systems, antivirus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.
  • Red teaming, VA, PT experience is an added advantage

Vertical

Technology

Remote Work:

No

Employment type

Full-time
