Application Penetration Tester

Full Time
Dublin, County Dublin
Job description
Snapshot:
Job Title: Security Operation Centre Analyst III
Division / Department: Global Information Security
Location: Ireland
Reports To: Lead Security Operation Centre


General Description and Responsibilities


The CyberSecurity Incident Response Team (CSIRT) under the Global Information Security (GIS) team is responsible for coordinating with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response. This role interacts with all levels of the organization, particularly within the IT organization, and is viewed as a subject matter expert on Incident Response. The focus of the role is primarily responding to security incidents, managing and consistently maturing the security incident response process, and building CSIRT’s technical investigative capabilities (process & technology). The role also involves securing both cloud and on-premise infrastructures, weeding through metrics and data to filter out suspicious activity, and finding and mitigating risks before incidents occur. If an incident does occur, security analysts are on the front line, leading efforts to counter the attack. You will identify and resolve security incidents and design supportable technical solutions which protect the availability, integrity, and confidentiality of sensitive information and assets and directly support compliance with PCI, SOX and PII.


How you will help:

Responsibilities Include

  • Overseeing security event monitoring, Suspicious Activity Report investigation, incident handling, and escalations, and documenting incidents from initial detection through final resolution.
  • Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center.
  • Serve as one of the global escalation points for cybersecurity incidents not resolved at the L1/L2 levels.
  • Providing forensic analysis in support of investigations including evidence seizure (artifacts) and data recovery.
  • Threat Hunting to proactively detect advanced threats that evade traditional security solutions and develop SIEM alarm use cases.
  • Lead and plan Purple team, IR table top exercises and assist with the creation and refinement of Incident Response Run books.
  • Identifying key Indicators of Compromise (IOCs) from new or unknown malware and developing rules and signatures for detection.
  • Assessing security risks to the organization's information and communications systems.
  • Researching the latest information security trends to understand the latest vulnerabilities and threats.
  • Providing artifacts to Governance Risk & Compliance (GRC) team in relation to internal & external audits.

Who we have in mind:
  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Security, Computer Science or related field required.
  • Awareness of web and mobile application development.
    • Knowledge of the J2EE technology stack
    • Knowledge of the .Net stack a plus
  • 4+ years experience in application or product security.
    • Familiarity with SAST, DAST, OSA and Container image analysis tools
  • Ability to maintain composure in a dynamic environment.
  • Individual must be proactive, self-motivated, detail-oriented, creative, inquisitive and persistent.
  • Strong leadership skills, including ability to execute and prioritize a number of tasks simultaneously.
  • Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.
  • Experience in conducting and facilitating discussions with employees across all levels & departments.
It would be great if you had:
  • Practical development experience in web or mobile application development
  • Excellent up-to-date technical and hands-on knowledge and experience in current application attack methods, penetration testing methods, and security testing tools, specifically for web and mobile applications.
  • Tools: Fortify Suite, NMap, Nessus, Burp suite, Metasploit, Rapid7 AppSpider, Rapid7 InsightAppSec, Rapid7 InsightVM, Aqua
  • Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
  • Experience in the J2EE technology or .Net stacks
  • Knowledge of Cyber Security Threat & Risk Assessments, Secure Coding, conducting workshops on Cyber Security topics, and Secure Development Lifecycle is a plus
  • Excellent communication skills (written & verbal) in English are a must, to be able to present complex technical topics in a clear and structured way and to moderate discussions, meetings, and projects. Being able to assume the role of a trusted topic matter expert.
What we offer:
  • 8+ years of hands-on experience with a focus in areas such as systems, network, or information security / cybersecurity with 5+ years of cybersecurity Incident Response experience
  • Experience in maintaining, configuring and troubleshooting a SIEM infrastructure.
  • Creating and maintaining alarm rules, use cases, filters, dashboards, and reports to identify malware activity, misconfigurations, and/or anomalies
  • Incident Response Run book design on the ServiceNow SecOps module.
  • Experience leading and coordinating Blue, Purple team & IR table top exercises.
  • Must have experience with analysis of network traffic, application logs and endpoint artifacts.
  • Experience working on Cloud (AWS/OCI/Azure)/Network Security technologies – AWS Security Groups, Firewalls, VPN, IDS, IPS, proxies, WAF, NAC etc.
  • Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture.
  • Experience working with AWS & Docker container security solutions.
  • Ability to develop, describe, and communicate Security Baselines and Policies.
  • Subject matter expertise to IT Compliance during IT internal and external audits like PCI, SOX and PII
  • Integrating Log sources for Custom applications into SIEM and associated troubleshooting.
  • Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
  • Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
  • Scripting skills such as Python, Perl, Shell, Bash.
  • Excellent English written and verbal skills. Preferred Information Security professional certifications such as CISM, CISA, GSEC, GMON, CEH.
