The Cyber Security Incident Response Team (CSIRT) Member conducts essential cyber security incident handling activities to defend organization from cyber-attacks, through timely detection, investigation and remediation of potential threats. They are the primary contact for any suspected security incident and work together with SOC team to resolving incidents and remediating threats.
Main Tasks And Responsibilities
- Serve as the main local escalation point and work with the IR Team on security incident prioritization and management.
- Responsible for acting on alerts, events, and incidents escalated from the SOC Team.
- Perform technical cyber security investigations on escalated security incidents to validate and implement (coordinate implementation of) recommended actions on containment/remediation/eradication of threats.
- Perform detailed cyber security investigation on security alerts and escalated security incidents (including vCERT for Critical Incidents) to validate and implement (coordinate implementation of) recommended actions on containment/remediation/eradication of threats.
- Serve as a Subject Matter Expert (SME) on the incident response & technical investigation lifecycle utilizing local security tool stack, packet captures, reports, data visualization, and pattern analysis,
- Compile Post Incident Analysis report based on Lessons Learned from critical cybersecurity incidents and work on closing the vulnerability that led to a security incident
- Serve as a Cyber Security Champion, providing implementation and maintenance of security policies and threat models across an array of local security tool stack (EDR, NDR, Email protection, etc.)
- Review the vulnerability finding reports and coordinate mitigation activities
- Providing a 360 view and in depth analysis of the past incidents, owning the deep dive and coordination to turn data into information. RESTRICTED
- Coordinate onboarding/troubleshooting activities with various client teams to ensure high data fidelity and continuous data stream on all Log Sources monitored.
- Gather and continuously update the CFC systems with client contextual information and inventory of onboarded log sources.
- Development of custom reporting to the client from the available CFC data. Provision customer support through audits
Qualifications, Experience, Skills
- Minimum 4 years of security experience and 5 plus years of IT experience preferable Bachelor's Degree in Computer Science, Computer Networking, or Computer Security or equivalent
- CISSP or CISA or CISM Certifications or equivalent
- Advanced understanding of information security, border protection, incident handling & response, endpoint protection & encryption
- Strong understanding of computer science: algorithms, data structures, databases, operating systems, networks, and tool development
- Able to evaluate current people, processes, technology, and business drivers to improve the SOC service.
- Network infrastructure knowledge, advanced knowledge of TCP/IP and Internet protocols.
- Experience with network packet and Netflow analysis, In-depth knowledge of infrastructure and operating systems.
- Policy and Standards, Incident Management, Prioritization, Technologies, Security, Testing, Monitoring, IT Change, Infrastructure, Application
- Understanding and experience using various security related exploits and tools
- Strong ability to communicate write clearly and speak authoritatively to different audiences
- Advanced knowledge in; Firewalls, VPN, Intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.
- Red teaming, VA PT experience is an added advantage
Vertical
Technology
