Key Responsibilities Include : Lead the GCIRT Team on behalf of the Director of Forensics & Incident Response. Overseeing the day to day operations, ensuring appropriate GCIRT response to cyber security events and alerts associated to threats, intrusions, and / or compromises.
Develop Incident Response Team playbooks following established and repeatable processes for triaging and containment of an incident to align with industry best practices, minimizing gaps in response and mitigation of threats.
Coordinate successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
Advise and mentor GCIRT team members, ensuring development and training.Develop and maintain methodology and framework of Operational Metrics and KPIs.
Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-
occurring in the future. Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.
and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)Interprets device and application logs from a variety of sources (e.
g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
Ability to work hours or shifts outside of normal work hours when required to manage, investigate and respond to security incidents.
Establish and maintain excellent working relationships with team members, end-users, stakeholders, management, and infrastructure support teams throughout the global organization.
Contribute to departmental training, reporting of metrics, and process improvement. Job Requirements Experience of working within Security Operations Center or Incident Response Team with a minimum of five (5) years of experience as a Cyber Security Incident Response Team Lead (or above).
Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field. 2 years of experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement.
Demonstrate strong knowledge of Incident Response and Investigative Methodology. Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-
paced environment.Candidates with certifications involving incident response, ethical hacking, or cyber security (i.e. GCIA, GCIH, CISSP, CEH, etc.
have a strong advantage.Candidates able to exhibit skills using common Incident Response applications such as Splunk, Tanium, and FireEye are preferred.
Strong English verbal and written skills are necessary. The ability to explain technical terminology to the lay person is frequently required.
Candidates with competent speaking, reading, and writing skills in a 3rd language have a stronger advantage.Must work well with a global team-
oriented environment and has flexibility to work a shift schedule (including nights and weekends).Candidate must be self-
motivated and capable of working with little supervision.Proven previous job stability, including maintaining long-term work relationships with former employers.
Must be able to clear the company’s pre-employment screening.