- Bachelor or master’s degree in Computer Science, Information Systems, or equivalent experience.
- At least 4 years of directly related experience in Information Security Threat Detection and Incident Response.
- Experienced in analysis of data for cause; identification of causal factors, root causes, and recommendations; report development; tailored presentations.
- Experienced in managing the investigation-related document library and responding to external group requests.
- Familiarity with common protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.).
- Familiarity with various types and techniques of cyber-attacks.
- Experienced with command-line interfaces.
- Experience in Log and Event analysis and data correlation.
- Strong experience in Packet analysis tools (tcpdump, Wireshark, ngrep, etc.).
- Strong experience in SIEM (Splunk, RSA).
- Excellent command of English, both written and verbal.
- Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues.
- Customer-oriented with a strong interest in customer satisfaction.
- The ability to learn new technologies and concepts quickly.
- Must possess one or more of the following certifications: CEH, CHFI, SANS GCIH, SANS GCFA, CISSP.
- Perform trend analysis on recurring incidents and produce reports on such trends in whatever format senior management requires from time to time.
- Manage, monitor and, where possible, ensure Problems and Major Incidents are permanently fixed (including identifying, recording and allocating Problems/Major Incidents to the relevant team).
- Ensure that the root cause of each Problem is proactively identified and documented.
- Chair and contribute to any meetings concerning Incident Root Cause Analysis.
- Drives our strategy for SIEM and oversees the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
- Experience conducting analysis/investigation and containment of potential data breaches or cyber security incidents.
- Ability to lead technical bridge lines to develop quick containment solutions to cyber-security incidents.
- Respond to critical security incidents and supervise escalation teams to close incidents with response, containment and remediation actions.
- Create, maintain and promote a set of CSIRT operation playbooks to effectively trigger and execute the security incident response process.
- Manages the current state of logging and monitoring, maintains a vision of ideal state of logging and monitoring and drives a prioritized roadmap to reduce the gaps.
- Present incident response reports and lessons learned to management.
- Provide security control enhancement recommendations based on security incident data.
- Communicate and build effective relationships with people at all levels.
- Responsible for managing and driving to closure all Audit issues relating to the Incident Response and Management process.
- Familiarity with security vulnerabilities, exploits, malware and digital forensics.
- Ability to manage projects, milestones, and deliverables for business-related objectives.
- Communicates and educates end-users on information security risks.
- Build security utilities and tools for internal use that enable you and your fellow teammates to operate at high speed and broad scale.
- Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activity.
- Provide situational awareness on the current threat landscape and the tactics, techniques and procedures associated with specific threats.
- Work with the Security Response Center analysts on incident response tickets and manage/prioritize queue assignments.
- Provides holistic security guidance to a wide variety of internal business partners across network, host, database, application, and people/process domains.
- At advanced levels, may provide program- or portfolio-level guidance to business unit leaders and embedded security champions.
- Typically offers deeper specialization and expertise in one or more areas.
- Prioritizes own work and may have duties instructing, directing, assigning and overseeing the work of more junior team members.
- Understands and contributes to cybersecurity strategy, policy, standards, and procedures.
- Creates and delivers presentations to both technical and non-technical audiences on cybersecurity topics.
- Translates cybersecurity requirements into specific systems, applications and product designs for a specific client, program or project.
- Collaborates with clients regarding secure product configuration and deployment, and how these align and adhere to applicable security policies and standards to minimize security vulnerabilities.
- Guides clients in the development and implementation of security controls.