Full-Time Cyber Incident Response Lead

As a member of Experian's Global Security Office (EGSO) / Cyber Fusion Center (CFC), you will respond, contain, escalate, investigate, and coordinate mitigation of security events related to anomalies detected and escalated by the Cyber Fusion Center (CFC) according to Experian's Incident Response Plan.

This team member will join a growing team of specialized incident responders to support escalations of complex or prioritized matters from Experian's existing 24x7 security monitoring and response functions.

You will respond to and analyze security incidents involving threats targeting Experian information assets, including phishing, malware, network attacks, and suspicious activity. You will involve working with end-users, partners, technical support teams, and management to ensure remediation and recovery from these threats.

Use analytics & data collected from endpoints, environmental logging, and various sources to maximize containment and eradication of threats, while expediting business recovery.

Note: You will have a regular Monday-Friday schedule with expectations to participate in an on-call schedule or work outside of normal hours to manage cybersecurity incidents. You will report to the CFC Senior Director of Incident Management and Security Operations.

Main Responsibilities:

1. Conduct advanced incident response activities to investigate and contain complex, large-scale cybersecurity matters (potential major severity incidents).
2. In investigative matters requiring support, work with teams like Forensics and Cyber Threat Hunt, and express the CFC's overall understanding of attacker activity timelines to coordinate containment and remediation.
3. Respond to security events and alerts associated with threats, intrusions, and compromises according to Service Level Objectives (SLOs).
4. Manage multiple security incident cases throughout the incident response lifecycle (Analysis, Containment, Eradication, Recovery, and Lessons Learned).
5. Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned incident.
6. Maintain understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies).
7. Interpret device and application logs from various sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify causes and determine next steps for containment, eradication, and recovery.
8. Provide advanced support to analysts (logs review, IP block questions) and mentor other analysts (process questions, tool usage).

Technical Skills:

• Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, network infrastructure, and topologies (DMZ, VPN, WAN).
• Understanding of network technologies (WAF, IPS, Routers, Firewalls).
• Experience with commercial & open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK).
• Knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs).
• Experience with common Incident Response and Security Monitoring applications (SIEM, EDR, WAF, IPS).

What is the last date for applying to the job?

Which countries are accepted for this remote job?