Full-Time Cyber Incident Response Lead
Experian is hiring a remote Full-Time Cyber Incident Response Lead. The career level for this opening is Experienced, and it accepts applicants based in the United States working remotely. Read the complete job description before applying.
Job Details
As a member of Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC), you will respond to, contain, escalate, investigate, and coordinate the mitigation of security events.
Responsibilities:
- Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters.
- Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and explain the CFC's overall understanding of the timeline of attacker activity.
- Respond to cyber security events and alerts associated with threats, intrusions, or compromises.
- Manage multiple cases related to security incidents throughout the incident response lifecycle.
- Coordinate successful conclusion of security incidents according to Process & Procedures, and escalate severe incidents.
- Maintain case documentation, including notes, analysis findings, containment steps, and the cause of each assigned security incident.
- Maintain assigned caseload and move incidents through each phase of the IR Lifecycle.
- Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies).
- Interpret device and application logs from a variety of sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures).
- Mentor and provide advanced support to analysts.
- Support overall direction for the CFC and input to the security strategy.
Your background:
- Bachelor's Degree in Computer Science, Computer Engineering, Information Security, or related field, or 8+ years of experience.
- Demonstrated knowledge of Incident Response and Investigative Methodology.
- Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, and network technologies.
- Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools.
- Experience with common Incident Response and Security Monitoring applications (SIEM, EDR, WAF, IPS).
- Demonstrated knowledge of common intrusion methods and cyber-attack tactics.
- At least one certification involving incident response, ethical hacking, cyber security, or network forensics.
- Hold one Security Management certification or obtain within the first two years.
Employment Type: Full-time
Benefits/Perks
Compensation, medical, dental, vision, 401K, flexible work environment, PTO and holidays.