Senior Cyber Security Incident Responder

About the position Responsibilities • Work with senior management to develop and maintain CSIRT process and practice documents • Lead CSIRT service transition and serve as a trusted advisor to manage customer expectations • Review incident response activities and documentation efforts of the support team and provide feedback as necessary • Provide or arrange for necessary training for the support team on CSIRT methods and/or security tooling used in the client environment • Receive and monitor incident information from Verizon managed security services and other sources • Oversee creation of Threat Intel Reports for security threats that might impact the client environment or have interest to the client • Review the collected incident data and confirm or reject incidents based on the analysis • Classify and prioritize incidents based on established criteria • Facilitate communication between stakeholders of the status of the incidents with weekly and/or monthly meetings and reports • Coordinate at least annual Table Top Exercises for the team and client security team training needs • Coordinate the containment effort based on the available information and established processes • Make containment decisions and facilitate decision making by other parties using established escalation process • Communicate with the affected users and stakeholders to organize the containment effort • Verify the effectiveness of containment actions taken • Identify the attack vector of used by incident and confirm take actions to confirm that similar incidents are prevented in the future • Validate the effectiveness of the eradication actions • Coordinate forensics and law enforcement activities with officials if necessary • Coordinate the recovery actions; confirm that the recovery effort was successful; and confirm that all temporary containment efforts have been removed • Update stakeholders on the status of the recovery effort • Conduct a root cause analysis for Critical or High incidents • Communicate the results of the root cause analysis to Customer and stakeholders to prevent similar incidents in the future • Analyze the incident response effort, with feedback from Customer and third parties. Identify and analyze any mistakes as well as good decisions done during response process • Use the results of the analysis as an input for improvements, such as incident response process changes or changes in security monitoring Requirements • Bachelor's degree or four or more years of work experience • Four or more years of relevant work experience • Relevant work experience in: a cybersecurity capacity, responding to cybersecurity incidents, triaging, and/or investigating cybersecurity incidents Nice-to-haves • Bachelor's degree or Master's degree in Computer Science, Cyber Security or related technical or business field • Strong background in CSIRT and SIEM technologies • Splunk experience and certification • Proven background using various EDR tools like Carbon Black, Crowdstrike or Tanium • Strong communication skills and ability to engage with customers at both technical and executive levels • Clear and concise written and oral communication, including the ability to produce professional-level documentation • Strong problem-solving and security analytics skills; able to identify gaps in processes and recommend improvements for mitigation • Strong leadership skills and a proactive approach to customer issues with background leading a remote team • Ability to excel in high pressure environments • SANS or other Security Certifications, such as GCIA, GCIH, GCFE, GREM, GPEN, CEH • CISSP Certification • CISM Certification • ITIL Foundations training / Certification • Significant experience with how to structure and operate an efficient Incident Response process • Knowledge of common types of malware, their infection vectors, how to identify them using network and host based tools, how to eradicate them and verify the success of eradication efforts • Knowledge of current security threats and vulnerabilities, how to detect and mitigate them, ability to understand their possible consequences on the customer's environment • Understanding of modern technologies used to detect malware and vulnerabilities and protect assets • Understanding of modern network and cloud technologies Apply tot his job Apply To this Job