Remote
Description
As part of the Global Cybersecurity Incident Management (GCIM) team you will coordinate containment, eradication and post-incident activities for critical cyber security incidents. You will play a key role in the Incident Response Team (IRT) overseeing, validating and documenting containment acting as a point of escalation for our Global Security Operations Center (GSOC). Following security incident containment & recovery you will be responsible for engaging with key stakeholders for any Root Cause Analysis (RCA) and post-incident activity, ensuring we have reduced the chances of incident recurrence and assessed the efficiency of our incident response techniques and procedures.
What Part Will You Play?
- Coordinate incident response in line with the corporate security incident response plan.
- Manage post-incident activity to include scheduling and chairing Post Incident Reviews (PIR), the documentation of Root Cause Analysis and the tracking of actions to prevent incident recurrence.
- Provides 24x7 on-call incident management support on rotation for critical security incidents.
- Stays up to date with new and emerging threats that can affect the organisation's information assets, third party software/solutions, IT configuration changes, and network/system.
- Provides executive level written communication during incident response for inquiries related to security incidents or assigned cases.
- Coordinate the remediation of findings from the organisation’s Bug Bounty Program working directly with whitehat researchers.
- Works closely with Risk Management teams to document identified risks and issues highlighted through post-incident or root cause analysis activities.
- Maintains a working knowledge of key data security frameworks and regulations such as PCI (Payment Card Industry)/Logical Security guidelines and models, HIPPA (Health Insurance Portability and Accountability Act), (GDPR) General Data Protection Regulation, PII (Personally Identifiable Information), NIST CSF (Cyber Security Framework).
- Collaborates with Legal and Privacy Offices throughout the company on critical data protection/security incidents.
- Participates in reviews and assessments to provide recommendations to enhance or improve the security posture of environments as part of post incident activities and lessons learned.
- Maintain and follow runbooks for day-to-day incident response activities in line with the corporate security incident response plan.
What Are We Looking For in This Role?
- Minimum Qualifications
- Relevant Experience or Degree related field. Or relevant work experience in a related field.
- Typically Minimum 2 Years Relevant Experience with Incident Management or Incident Response
- Knowledge of network operations or engineering or system administration on Unix, Linux, MAC (Message Authentication Code), or Windows; common security operations, intrusion detection systems, Security Incident Event Management systems, Penetration Testing, Web Application assessment, Secure Coding practices, Cloud Technologies.
Preferred Qualifications
- ITIL V4
- Professional security certifications such as CompTIA Security+/ Cybersecurity Analyst+, or Systems Security Certified Practitioner (SSCP), or CISM(Certified Information Security Manager), or CISA(Certified-Information-Systems-Auditor), or GSEC (GIAC Security Essentials), or GCIH (GIAC Certified Incident Handler)
- Knowledge of industry standard security compliance programs PCI (Payment Card Industry), GDPR (General Data Protection Regulation), NIST Cyber Security Framework etc.)
- Cloud Knowledge or certifications such as Google Cloud Fundamental or AWS Foundations
- Experience working in Google Workspace and JIRA
What Are Our Desired Skills and Capabilities?
- Strong verbal and written communication skills.
- Demonstrated ability to effectively communicate ideas and persuade others to accomplish challenging goals and objectives.
- Ability to facilitate meetings and enable discussions that lead to resolution and communicate results.
- Skills / Knowledge - Developing professional expertise, applies company policies and procedures to resolve a variety of issues.
- Job Complexity - Works on problems of moderate scope where analysis of situations or data requires a review of a variety of factors. Exercises judgement within defined procedures and practices to determine appropriate action. Builds productive internal/external working relationships.
- Supervision - Normally receives general instructions on routine work, detailed instructions on new projects or assignments.
- Industry Knowledge - Continued self-education of new and emerging threats and relevant processes, controls, or technologies to mitigate them.
- Incident Response - Knowledge and skills to contribute to all phases of Incident Response.
