Responsibilities:

• Primarily responsible for the response to and recovery from emerging information security incidents, acting as the focal point leading response efforts and ensuring effective action to contain and remediate the situation
• Respond to cybersecurity incidents and perform triage to assess the severity of the incident and determine the appropriate response.
• Conduct open-source intelligence (OSINT) investigations to identify and track down malicious actors and their tactics, techniques, and procedures (TTPs).
• Participate in red team/blue team exercises to test and improve the organization's incident response capabilities.
• Collaborate with other members of the cybersecurity team to develop and implement security controls and incident response procedures.
• Provide technical guidance and support to junior incident responders as needed.
• Maintain up-to-date knowledge of the latest security threats and trends through continuous learning and professional development.
• Perform forensically sound collections of ESI from laptops, desktops, mobile devices, hard drives, servers and cloud data sources both onsite and remotely.
• Verify, extract and analyze systems, logs and malware data in support of investigations and litigation systems
• Drive efficient, repeatable, proactive, integrated, and mature cyber defense and response
• Supports the investigation of reported security breaches and, in coordination with global security operations, develop procedures to respond to security incidents and assist with investigations

•Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.

• Responsible for establishing communications bridges and meetings in support of response efforts
• Responsible for maintaining proper group focus during investigation activities and redirecting efforts in support of timely recovery

•Responsible for aggregating information relevant to the situation and synthesizing probable root cause

•Responsible for developing and recommending best course of action based on solid security principles

• Driving the incident response process from detection through containment and eradication.
• Accountable for documenting all partner activity, taken in response to emerging situations
• Accountable for the day-to-day review and assessment of security events that may become or contribute to security incidents.

•Ensures work is compliant with enterprise policies, procedures and the local business plan

•Responsible for ensuring appropriate post-mortem and lessons-learned sessions are conducted, following incident restoration of service

• Responsible for organizing and taking part in cross-functional incident exercise activities, ensuring that policy and procedure are followed

•Responsible for ensuring knowledge of IT security and emerging threat scenarios is current

•Responsible for reviewing threat intelligence sources is support of security situational awareness

•Responsible for assisting in the development of vulnerability and threat related communications for potential dissemination to warn employees of an emerging situation

•Responsible for ensuring information arising from incident response activities, that would result in configuration changes or other modifications to ensure security posture, is communicated to the proper operational contacts for execution.

Skills Required:

• 7+ years of total experience in Information Technology
• Bachelor's Degree in Computer Science/MIS or equivalent experience
• 3+ years of professional experience in an information security function, including analyzing and applying information security risk management, and privacy practices
• 2+ years in an information security incident handling role
• Strong understanding of network protocols and security technologies, including firewalls, intrusion detection systems, and encryption.
• Experience with open-source intelligence (OSINT) tools and techniques.
• Experience with cloud and physical forensic investigations, delivering executive reports
• Knowledge of red team/blue team exercises and experience participating in such exercises.
• Technical understanding of incident response frameworks and methodologies with a focus on automation.
• Experience with Intel, SIEM, and SOAR platforms, such as, ThreatConnect/MISP, Snowflake/ Splunk, and Swimlane/DeMisto
• Expertise with commercial and open-source digital forensic toolsets such as Encase, AccessData, SIFT, Axiom Flexible working hours to support a global operation
• Required Interpersonal Skills
• Experience engaging with executive level individuals during the conduct of incident response
• Excellent oral and written communication ability
• Ability to present complex technical issues and findings to diverse audiences in both technical and non-technical parlance, both orally and in writing
• Diplomacy in working with customers and stakeholders
• Ability to follow policy and procedure
• Ability to work in a team and at times perform under stress
• Demonstrate integrity in dealing with potentially sensitive data and restricted information
• Exceptionally self-motivated with a superior analytical, evaluative, and problem-solving abilities
• Ability to set and manage priorities judiciously
• Required Technical Skills
• Knowledge of basic security principles to include confidentiality, integrity, and availability; access control, authentication, and authorization; privacy and non-repudiation
• Understanding of security vulnerabilities and exposures, and from where they arise
• Familiarity with the Internet, its network protocols, and network applications and services
• Knowledge of network security issues and host/system security issues
• Understanding of malicious code of various types and various threat vectors
• Experience with Risk Analysis and Risk Management
• Basic understanding of programming and scripting, advanced knowledge a plus
• Required Incident Handling Skills
• Through good communication and documentation, presents a consistent front to customers and stakeholders
• Ability to synthesize data from technical skills listed above to understand and identify intruder techniques
• Ability to utilize interpersonal skills listed above to communicate with customers and stakeholders and bring quick resolution
• Demonstrated ability to analyze ongoing situations for the potential of a security incident
• Ability to maintain incident records in support of recovery, regulatory and legal requirements
• Familiar with ITIL service management methodology.
• Prior experience in a 24x7x365 operations environment.
• Strong technical skills in security assessments of external service providers, providing security guidance, and participating in mock security breach exercises
• Experience with GDPR and GDPR compliance implementations
• Experience and/or SME knowledge of the ISO 27001, NIST 800-53, NIST CSF and PCI DSS
• Preferred certifications: CISSP, ITIL, GCIH, CERT/CC CSIH, GCTI, GCFR, GCFA, GIME, GCFE
• Multiple language capability desired
• Occasional Domestic or International Travel, up to 25%
• Should be able to travel to office and support the work necessary to accomplish successful deliverables within the role. No heavy lifting of equipment is required for this role.