Security Incident Coordination Analyst

DXC Technology

United Kingdom

On-site

GBP 40,000 - 80,000

Full time

4 days ago
Job summary

Join a forward-thinking company as part of the Security Incident Command (SIC) Team, where you will play a crucial role in monitoring and responding to cybersecurity incidents. This position involves validating protective measures, coordinating investigations, and collaborating with various teams to ensure security protocols are upheld. You will also prepare reports and manage security information requests, contributing to a culture of continuous improvement and security excellence. If you are passionate about cybersecurity and eager to develop your skills in a dynamic environment, this is the perfect opportunity for you.

Qualifications

  • Experience in handling cybersecurity incidents and responding effectively.
  • Strong analytical skills and knowledge of protective monitoring tools.

Responsibilities

  • Monitor security tooling and analyze alerts and incidents.
  • Coordinate security incidents and collaborate with resolver groups.

Skills

Cybersecurity Incident Handling
Log Analysis
Analytical Skills
Communication Skills
Problem-Solving Skills
Relationship-Building Skills
Leadership Skills
Self-Motivation

Education

CISSP or CISM Certification
Relevant Security Qualifications

Tools

ArcSight
Tanium
McAfee
Symantec
MS Defender
Microsoft 365
Azure
Azure Sentinel

Job description

As part of the SIC Team, you will:

  1. Monitor security tooling, conduct triage and analysis of alerts, events, and security incidents.
  2. Validate, verify, and report on protective or countermeasure solutions, both technical and administrative.
  3. Coordinate and investigate security incidents through to resolution.
  4. Collaborate with resolver groups to respond to and investigate security incidents.
  5. Manage functional mailboxes and respond to email inquiries from the account and clients.
  6. Oversee security ticket queues and review and raise security incidents in ticketing systems.
  7. Assist in security reporting, ensuring timely and quality delivery.
  8. Prepare and present reports using Microsoft PowerPoint and Excel.
  9. Provide Critical Incident Response Reports and lessons learned to stakeholders.
  10. Handle legal and law enforcement-related issues as necessary.
  11. Review security incidents periodically for trend analysis and recommend improvements or sales opportunities to the Security Delivery Lead.
  12. Respond to incidents following playbooks and the Security Incident Management Process.
  13. Advise the account on Critical Security Advisories, including responses to Threat Advisories, ModCerts, Carecert, and emergency patches.
  14. Develop and maintain a vulnerability management system for zero-day vulnerabilities.
  15. Manage security information requests from clients.
  16. Lead on complex incidents and ensure lessons learned are documented and processes are updated.
  17. Review and update SIC Team processes regularly.
  18. Ensure all obligations, like monthly reporting, are met on time and to standard.
  19. Keep the Security Delivery Lead informed of relevant incidents and issues.
  20. Provide standby (on-call) coverage for high-severity incidents as per rota.
  21. Work flexible hours as required, e.g., 8am-4pm or 10am-6pm.
  22. Maintain current security clearance or willingness to obtain one.

Training

  • Complete mandatory training in line with enterprise requirements and deadlines.
  • Stay informed on threat actors, advanced persistent threats, and zero-day exploits.
  • Show enthusiasm and a desire to develop skills and knowledge.

Person Specifications

  • Experience in handling, responding to, and investigating cybersecurity incidents.
  • Good analytical skills and experience with log analysis.
  • Knowledge of protective monitoring tools (e.g., ArcSight, Tanium, McAfee, Symantec, MS Defender, Microsoft 365, Azure, Azure Sentinel).
  • Threat and vulnerability management experience.
  • Experience reviewing malware alerts, working in SOCs and with ticketing systems, and interacting with stakeholders.
  • Strong relationship-building skills with colleagues and stakeholders.
  • Understanding of security best practices and relevant legislation.
  • Self-motivated with up-to-date knowledge of security threats and trends.
  • Excellent communication, influencing, negotiating, and engagement skills.
  • Leadership skills in team interactions.
  • Sound judgment, decision-making, and problem-solving skills; ability to remain calm under pressure.
  • Ability to meet tight deadlines and work effectively in high-pressure situations.
  • Experience in writing procedures and reports.
  • Ability to work independently and as part of a team.
  • Recognized security qualifications (e.g., CISSP, CISM) or willingness to obtain them.
  • Proven security industry experience, preferably in public sector or armed services.
  • Knowledge of tools, equipment, and forensic requirements for incident response and evidence collection.

Note: DXC does not make employment offers via social media or request payments from applicants. For more info, see the employment scams link.

About the company

DXC Technology is an American multinational IT services and consulting company headquartered in Ashburn, Virginia.