- Assist with maturing incident response program.
- Respond to security incidents covering all phases, including identification, containment, and eradication.
- Maintain incident response infrastructure to address overall enterprise scope including cloud, on-prem, and open source software.
- Integrate incident response tools and data into other programs e.g. vulnerability management, security architecture, IT technology deployments, etc.
- Act as engagement point for the IT team and the business across the entire company.
- Monitor our SIEM for notable events, running them down to completion.
- Tune our SIEM to look for new threats, make existing threats easier to find, and reduce false positives.
- Perform forensics on affected systems as needed.
- Participate in periodic purple team exercises with our red team.
- Actively gather cyber intelligence to ensure response capabilities are adequate to the threats.
- Partner with teams across the organization to define remediation plans, drive and track remediation to completion, and find new approaches to improve the program.
- Identify, assess, and document the severity and potential impact of vulnerabilities, and give technical guidance to teams/owners in a way that consistently drives objective, fact-based decisions.
- Find opportunities for enhancement including automation and self-service.
- Analyze data and develop metrics to measure and communicate the effectiveness of the incident response process.
- Experience using commercial SIEMs such as Azure Sentinel, Splunk Enterprise Security, AlienVault, or LogRhythm.
- 2 - 5 years of experience in a front-line incident response role, handling technical security issues such as malware, phishing, and intrusions.
- 1 year of experience using Azure or Amazon Web Services.
- 1 year of experience writing automation utilities in a scripting language, preferably Python or Windows PowerShell.
- 2 - 5 years of experience in systems administration of Windows and Linux/Unix systems.
- 2 - 5 years of security experience in relevant security domains (e.g. threat and vulnerability management, risk management, security architecture, security hardening).
- Experience with operating vulnerability assessment and incident response tools including network scanners, host-based detection agents, and web application scanners.