Cyber Security Incident Response

Position: Manager

ROLE CONTEXT


PURPOSE

  • Coordinate Cyber Security Incident Management, investigation and resolution for the Group, reporting to the Group Head of IT Security Monitoring and Incident Response.
  • Enhance the Group Cyber Security Incident Management processes and SOPs performed by internal teams and vendors.
  • Identify and drive continuous improvement in Cyber Security Monitoring and Incident Response.
  • Perform timely and accurate Cyber Incident Response across the Group, as per processes and SOPs.
  • Build knowledge and coach Business Unit IT Security leads so they understand their role in Cyber Incident Management.

KEY ACCOUNTABILITIES

  • Support service providers performing Cyber Security monitoring, enhancing their monitoring, triage and investigation capabilities prior to escalation
  • Leverage the detection and response solutions in place to further assess any escalated potential incidents
  • Continuous improvement of Cyber Incident detection, contextualization and response processes, leveraging automation and orchestration where possible
  • Manage and coordinate the escalation of potential incidents for investigation, along with any required internal or external stakeholders
  • Communication and coordination of Cyber Security Incident response actions with Business Units
  • Management of Cyber Security Incidents for the Group, within SLA
  • Analysis of Threat Intelligence, ensuring that the Group's prevention, detection and response capabilities are configured to maximize coverage of new threats
  • In-depth analysis of malware or other potentially malicious processes or software identified in the organization
  • Coordination of Cyber Security testing activities, and providing advice on remediation
  • Develop, document and maintain SOPs and a knowledge base for cyber security services, including incident response, intelligence analysis, evidence acquisition, forensic recovery, and others
  • Continuous knowledge improvement in tools and best practices for Cyber Security threat monitoring and incident response, including contextualization and automation
  • Evaluate new and emerging Cyber Security technologies and make recommendations for adoption within the Group

NEED TO KNOW


QUALIFICATIONS / EXPERIENCE

  • Minimum 6 years working experience in Cyber Security Incident Management
  • Degree in Information Technology or an equivalent discipline
  • Desirable certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA)
  • Regional experience in this role is preferred

KNOWLEDGE & TECHNICAL SKILLS

  • Excellent knowledge of Advanced Persistent Threats and of the attack tools, techniques and methods used by adversaries
  • Excellent knowledge of penetration testing services and techniques
  • Excellent written and verbal communication skills and the ability to work under pressure (during IT Security Incidents)
  • Experience managing and coordinating multicultural and regional teams
  • Ability to define, prioritize and execute processes in a structured manner
  • Experience in an operational capacity as part of an IT Security incident response function
  • Experience with networking and TCP/IP traffic, along with firewall, SIEM, IPS, EPP, EDR, APT, DLP, proxy, antivirus, anti-spam and spyware solutions
  • Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis
  • Desirable: Certification in CrowdStrike or Carbon Black EDR solutions
  • Desirable: Experience with Splunk and QRadar SIEM solutions
  • Desirable: Experience with a programming/scripting language

Interested candidates may submit their resume to: [email protected]