Full-Time Cyber Incident Response Lead

Respond, contain, escalate, investigate, and coordinate mitigation of security events. As a member of Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC), you'll respond to anomalies detected and escalated by the Cyber Fusion Center, following Experian's Incident Response Plan.

Join a growing team of advanced responders. This role supports escalations of complex and prioritized matters from Experian's existing 24x7 security monitoring and response functions, responding to and analyzing security incidents involving threats targeting Experian information assets.

Work with various teams and stakeholders. You'll work with end-users, technical support teams, and management to ensure remediation and recovery from these threats.

Key Responsibilities:

• Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters.
• Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and explain the CFC's overall understanding of attacker activity.
• Respond to cyber security events and alerts associated with threats, intrusions, or compromises (meeting applicable Service Level Objectives).
• Manage multiple cases throughout the incident response lifecycle (Analysis, Containment, Eradication, Recovery, and Lessons Learned).
• Coordinate successful incident conclusion according to process and procedures, escalating severe incidents.
• Maintain detailed case documentation (notes, analysis findings, containment steps, cause).
• Manage assigned caseload and hand off cases as needed.
• Maintain understanding of common Operating Systems, Security Technologies, and Networking.
• Interpret logs (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify root cause and next steps.
• Mentor and provide advanced support to analysts.
• Support overall direction for the CFC and input to security strategy.

Required Background:

• Bachelor's Degree in Computer Science, Computer Engineering, Information Security, or related field, or 8+ years of experience in Security Operations Centers or Cyber Security Incident Response Teams.
• Demonstrated knowledge of Incident Response and Investigative Methodology.
• Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, network infrastructure, and topologies (DMZ, VPN, WAN) and network technologies (WAF, IPS, Routers, Firewalls).
• Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK).
• Experience using common Incident Response and Security Monitoring applications (SIEM, EDR, WAF, IPS).
• Knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs).
• At least one certification involving incident response, ethical hacking, cyber security, or network forensics (e.g., GCIH, E|CEH, E|CIH, GNFA, CNFE).
• Security Management certification (e.g., CISSP, CISM) or obtain within two years.

What is the last date for applying to the job?

Which countries are accepted for this remote job?