Cyber Security Incident Response Specialist

About the Cyber Security Incident Response Specialist role:

What you will be doing:

1. SME Consultancy: As part of the IT Security team, develop and implement my client's IT Strategy in consultation with my client's IT teams, ensuring that all initiatives are mirrored in respective strategies including the overall Strategy.
2. Provide security advice and support for information technology projects as incident response subject matter expert (SME).
3. Research new security related products and services to ensure that my client is equipped with appropriate industry best tools and solutions.
4. Incident Response: Investigate and respond to security incidents escalated from the SOC.
5. Execute containment, eradication and recovery actions in line with regulatory and internal requirements.
6. Coordinate with internal and external stakeholders including compliance teams, legal and regulators during incident resolution.
7. Coordinate with external stakeholders including critical incident response retainers and SaaS providers.
8. Drive the CIR testing strategy by facilitating tabletop exercises, CIR drills, and assisting in the design/execution of enterprise level desktop exercises.
9. Regulatory Compliance & Reporting: Ensure incident response efforts and documentation comply with industry standards and best practices (GDPR, SOC, NIST, ISO etc.).
10. Maintain detailed documentation and reporting for audits and compliance reviews.
11. Process Improvement & Risk Mitigation: Develop and refine incident response standard operating procedures and playbooks.
12. Conduct root cause analysis and post incident reports to identify areas for improvement.
13. Recommend and implement process improvements to enhance detection, response and recovery capabilities.
14. Operational: Operate and maintain controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc. with an emphasis on cloud deployments and implementations.
15. Conduct IT Security risk assessments for all high impact projects, defining security mitigating controls that impact the technology architectures of my client, service providers, and business partners.
16. Review and update IT Security procedures to reflect best practice and mitigate current and emerging threats.
17. Assigned ownership of IT Security Monitoring and Response related FRB and Internal Audit finding(s) and effective/timely resolution with IT Security.
18. Maintain relationships with third-party IT security vendors and strategic partners.

What my client is looking for:

1. ‘Hands-on’ IT Security analysis and engineering experience including securing systems, networks and infrastructure; operational support, including on-call experience.
2. Proven experience including combination of intrusion detection, malware analysis, forensics and incident response, particularly in cloud/hybrid environments.
3. Working knowledge of cloud environments such as AWS.
4. Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats.
5. Ensure a risk-based approach to IT Security is adopted in every part of the business and solutions.
6. Work with members of the IT Security team to help design, implement and maintain security.
7. Prepare for, identify (hunt) and remediate cyber threats.
8. Operate and maintain IT Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc.
9. Deliver IT Security projects from concept, approval, design, and implementation to operation.
10. Ability to collaborate effectively with others to drive forward key security objectives.
11. Strong documentation and report writing skills (to both technical and business audiences).
12. Excellent time management and organizational skills combined with technical IT Security acumen.
13. Expert knowledge of Firewalls, TCP/IP, IPS, DLP, proxies, SIEM, & Endpoint Protection software.
14. Financial and/or Banking industry experience preferred.

Qualifications / certifications:

1. Virtualized and Cloud platforms experience such as Amazon Web Services, Microsoft Azure or Office 365.
2. B.S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent).
3. Security certifications such as CISSP and at least one GIAC GSEC, GCED, GCIA, GCIH, GREM, GCFR or equivalent is preferred.
4. Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA.
5. Experience with security and automation: Python, Powershell, Windows OS, Linux OS, VMware, Puppet, Chef / Ansible desirable.