Experian, a global leader in providing information solutions to organizations and consumers, is seeking a highly motivated Cyber Security Analyst to join our Global Security team at our Heredia, Costa Rica facility.
As a member of Experian’s Global Security Office (EGSO) / Global Cyber Incident Response Team, (GCIRT) this individual will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Global Security Operations Center (GSOC) according to Experian’s Incident Response Plan.
The member will manage the global team of GCIRT Analysts who respond and analyze security incidents involving threats targeting Experian information assets.
These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end-
users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats.
This position will include working with employees in US / UK / APAC / EMEA / Spanish LATAM.
This is a technical position supporting the strategies of the Global Security Operations Center and the Chief Information Security Officer.
This position reports to the Director of Forensics & Incident Response and involves supporting other EGSO team members to include research, training, and data gathering.
Key Responsibilities Include :
Lead the GCIRT Team on behalf of the Director of Forensics & Incident Response. Overseeing the day to day operations, ensuring appropriate GCIRT response to cyber security events and alerts associated to threats, intrusions, and / or compromises.
Develop Incident Response Team playbooks following established and repeatable processes for triaging and containment of an incident to align with industry best practices, minimizing gaps in response and mitigation of threats.
Coordinate successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
Advise and mentor GCIRT team members, ensuring development and training.
Develop and maintain methodology and framework of Operational Metrics and KPIs.
Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-
occurring in the future.
Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.
and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)
Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.
to identify root cause and determine next steps for containment, eradication, and recovery.
Ability to work hours or shifts outside of normal work hours when required to manage, investigate and respond to security incidents.
Establish and maintain excellent working relationships with team members, end-users, stakeholders, management, and infrastructure support teams throughout the global organization.
Contribute to departmental training, reporting of metrics, and process improvement.
Experience of working within Security Operations Center or Incident Response Team with a minimum of five (5) years of experience as a Cyber Security Incident Response Team Lead (or above).
Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field. 2 years of experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement.
Demonstrate strong knowledge of Incident Response and Investigative Methodology.
Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment.
Candidates with certifications involving incident response, ethical hacking, or cyber security (i.e. GCIA, GCIH, CISSP, CEH, etc.
have a strong advantage.
Candidates able to exhibit skills using common Incident Response applications such as Splunk, Tanium, and FireEye are preferred.
Strong English verbal and written skills are necessary. The ability to explain technical terminology to the lay person is frequently required.
Candidates with competent speaking, reading, and writing skills in a 3rd language have a stronger advantage.
Must work well with a global team-oriented environment and has flexibility to work a shift schedule (including nights and weekends).
Candidate must be self-motivated and capable of working with little supervision.
Proven previous job stability, including maintaining long-term work relationships with former employers.
Must be able to clear the company’s pre-employment screening.