- Coordinate Cyber Security Incident Management, investigation and resolution for the Group, reporting to the Group Head of IT Security Monitoring and Incident Response.
- Enhance the Group Cyber Security Incident Management processes and SOPs, as performed by internal teams and vendors.
- Identify and drive continuous improvement in Cyber Security Monitoring and Incident Response.
- Perform timely and accurate Cyber Incident Response across the Group, as per the established processes and SOPs.
- Build knowledge and coach Business Units IT Security leads, to understand their role in Cyber Incident Management.
- Support service providers performing Cyber Security monitoring, to enhance their monitoring, triage and investigation process capabilities prior to escalation
- Leverage detection and response solutions in place, to further assess any escalated potential incidents
- Continuous improvement of Cyber Incident detection, contextualization and response processes, leveraging automation and orchestration where possible
- Manage and coordinate escalations of potential incidents for investigation, together with any required internal or external stakeholders
- Communication and coordination of Cyber Security Incident response actions with Business Units
- Management of Cyber Security Incidents for the Group, within SLA
- Analysis of Threat Intelligence, ensuring that the Group's prevention, detection and response capabilities are tuned to counter newly identified threats
- In-depth analysis of malware or other potentially malicious processes or software identified in the organization
- Coordination of Cyber Security testing activities, and providing advice on remediation
- Develop, document and maintain SOPs and knowledge base for cyber security services including incident response, intelligence analysis, evidence acquisition, forensics recovery, and others
- Continuous knowledge improvement in tools and best practices in Cyber Security threat monitoring and incident response, including contextualization and automation
- Evaluate new emerging Cyber Security technologies and make recommendations for adoption within Group
NEED TO KNOW
QUALIFICATIONS / EXPERIENCE
- Minimum 6 years working experience in Cyber Security Incident Management
- Degree in Information Technology or an equivalent discipline
- Desirable certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA)
- Regional experience in this role is preferred
KNOWLEDGE & TECHNICAL SKILLS
- Excellent knowledge of Advanced Persistent Threats, attack tools, techniques, and methods used by adversaries
- Excellent knowledge of penetration testing services and techniques.
- Excellent written and verbal communication skills and the ability to work under pressure (during IT Security Incidents)
- Experience managing and coordinating multicultural and regional teams
- Ability to define, prioritize and execute processes in a structured manner
- Experience in an operational capacity as part of an IT Security incident response function
- Experience with networking and TCP/IP traffic, along with firewall, SIEM, IPS, EPP, EDR, APT, DLP, proxy, antivirus, anti-spam and anti-spyware solutions.
- Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis.
- Desirable: Certification in CrowdStrike or Carbon Black EDR solutions.
- Desirable: Experience with Splunk and QRadar SIEM solutions
- Desirable: Experience with a programming/scripting language
Interested candidates may submit their resume to: [email protected]