Cyber Security Incident Management and Response

myGwork - LGBTQ+ Business Community

Bournemouth

On-site

GBP 40,000 - 80,000

Full time

30+ days ago

Job summary

Join a forward-thinking organization as a Technology Support III, where your expertise in incident management will be pivotal in ensuring the operational stability and performance of production applications. You will play a crucial role in troubleshooting and resolving service interruptions, while fostering a culture of continuous improvement within a dynamic team. This position offers the opportunity to collaborate with various stakeholders, enhance cybersecurity measures, and contribute to a resilient technology environment. If you are proactive, possess strong communication skills, and are committed to driving improvement, this role is perfect for you.

Qualifications

  • Experience in Incident Management or Incident Response in an enterprise setting.
  • Strong communication and documentation skills for technical topics.

Responsibilities

  • Maintain operational stability and availability of production systems.
  • Provide 24/7 support for incident management and response.

Skills

Incident Management
Incident Response
Documentation Skills
Communication Skills
Judgment and Decision-Making
Continuous Improvement

Education

ITIL Certification
Cybersecurity Certifications (e.g., Security+)

Tools

Incident Management Tools
Observability Tools

Job description

Propel operational success with your expertise in technology support and a commitment to continuous improvement.

As a Technology Support III in the Cybersecurity & Technology Controls (CTC) Incident Management & Response (IMR) team, you will be responsible for maintaining the operational stability, availability, and performance of our production application flows. Your role will involve troubleshooting, maintaining, identifying, escalating, and resolving production service interruptions for all internally and externally developed systems, thereby ensuring a seamless user experience. Furthermore, you will be instrumental in fostering a culture of continuous improvement within the team.

Job responsibilities

  • Provide end-to-end application or infrastructure service delivery to enable successful business operations of the firm.
  • Support the day-to-day maintenance of the firm’s systems to ensure operational stability and availability.
  • Assist in the monitoring of production environments for anomalies and address issues utilizing standard observability tools.
  • Identify issues for escalation and communication, and provide solutions to the business and technology stakeholders.
  • Analyze complex situations and trends to anticipate and solve incident, problem, and change management issues in support of full stack technology systems, applications, or infrastructure.
  • Serve as a key member of the Cybersecurity & Technology Controls (CTC) Incident Management & Response (IMR) team within the Global Incident Command Center (GICC), providing 24/7 support for incident management and response.
  • Execute the Firm-wide Cybersecurity Incident Management Playbook to orchestrate actions during the lifecycle of cybersecurity events, aiming to prevent or mitigate impacts.
  • Act as the frontline defense for cybersecurity incidents, ensuring effective and timely resolution of security issues against the firm's infrastructure, and work closely with Cybersecurity Operations Incident Response teams and Enterprise Technology Product and Engineering teams to mitigate and remediate events and incidents.
  • Collaborate with internal and external partners, including regulatory, compliance, privacy, and media communications teams, to manage incidents, and utilize command and control, communication, and documentation skills to ensure the stability, capacity, and resiliency of products.
  • Analyze operational metrics to identify process improvements and deliver constructive feedback to the team.
  • Engage in continuous improvement of practices and processes, and participate in research, internal procedure uplift, and internal tools development.

Required qualifications, capabilities, and skills

  • Incident Management or Incident Response experience in an enterprise environment.
  • Demonstrated command and control, documentation, and communication skills in previous roles.
  • Able to communicate technical topics both in writing and verbally to senior management from technical and non-technical backgrounds.
  • Good understanding of the ITIL framework and ideally experience with incident management tools.
  • Basic understanding of various operating systems, network fundamentals, cyber tools, and cloud architecture.
  • High-level understanding of cybersecurity attack frameworks, such as MITRE ATT&CK and Cyber Kill Chain.
  • Ability to exercise excellent judgment and decision-making skills under pressure, and know when to escalate situations.
  • Ability to influence senior technology managers across organizational boundaries through formal and informal channels.
  • Proactive with a strong bias for action, naturally inquisitive, and committed to continuous personal and team improvement.
  • Experience with delivering constructive feedback to a team on a continuous basis.

Preferred qualifications, capabilities, and skills

  • ITIL Certification.
  • Baseline cybersecurity certifications, such as Security+ or Google Cybersecurity Certificate.
  • Appreciation of the wider roles of interconnecting cybersecurity teams and collaboration with teams like Forensics, Threat Intelligence, Penetration Testing, and Vulnerability Management.
  • Demonstrated ability to multitask and prioritize in a stressful environment; results-oriented.