As a member of Experian’s Global Security Office (EGSO) / GlobalCyber Incident Response Team, (GCIRT) this individual will respond, contain, escalate,investigate, and coordinate mitigation of security events relative to anomaliesdetected and escalated by the Global Security Operations Center (GSOC)according to Experian’s Incident Response Plan.
The member will respond andanalyze security incidents involving threats targeting Experian informationassets. These threats may include phishing, malware, network attacks, suspiciousactivity, etc.
In addition, this position will involve working with end-users,stakeholders, technical support teams, and management to ensure proper remediationand recovery from these threats.
This position will include working withemployees in US / UK / APAC / EMEA / Spanish LATAM.
This is a technical position supporting the strategies of theGlobal Security Operations Center and the Chief Information Security Officer.
This position reports to the Director of Forensics& Incident Response and involves supporting other EGSO team members to includeresearch, training, and data gathering.
Key Responsibilities Include :
Responds to cyber security events and alerts associated to threats, intrusions, and / or compromises.
Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-
occurring in the future.
Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.
and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)
Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.
to identify root cause and determine next steps for containment, eradication, and recovery.
Ability to work hours or shifts outside of normal work hours when required to investigate and respond to security incidents.
Establish and maintain excellent working relationships with team members, end-users, stakeholders, management, and infrastructure support teams throughout the global organization.
Contribute to departmental training, reporting of metrics, and process improvement.
Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field. 2 years of experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement.
Demonstrate knowledge of Incident Response and Investigative Methodology.
Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment.
Candidates with certifications involving incident response, ethical hacking, or cyber security (i.e. GCIA, GCIH, CISSP, CEH, etc.
have a strong advantage.
Candidates able to exhibit skills using common Incident Response applications such as Splunk, Tanium, and FireEye are preferred.
Strong English verbal and written skills are necessary. The ability to explain technical terminology to the lay person is frequently required.
Candidates with competent speaking, reading, and writing skills in a 3rd language have a stronger advantage.
Must work well with a global team-oriented environment and has flexibility to work a shift schedule (including nights and weekends).
Candidate must be self-motivated and capable of working with little supervision.
Proven previous job stability, including maintaining long-term work relationships with former employers.
Must be able to clear the company’s pre-employment screening.