Cyber Incident Response Lead - Advanced Response Team (Remote)

3C Deutschland GmbH

United States

Remote

USD 133,000 - 240,000

Full time

30+ days ago

Job summary

A leading company in the data and technology sector is seeking a Cyber Incident Response Lead for their Advanced Response Team. This remote role involves responding to and managing complex security incidents, mentoring analysts, and contributing to the security strategy. Candidates should have a strong background in cybersecurity, incident response, and relevant certifications.

Benefits

Flexible Time Off: 20 Days
Competitive salary and bonuses
Core benefits (medical, dental, vision, 401K)

Qualifications

  • 8+ years experience in Security Operations Centers or Cybersecurity Incident Response Teams.
  • Knowledge of Incident Response methodologies.
  • At least one relevant certification (e.g., GCIH, CEH).

Responsibilities

  • Conduct advanced incident response activities to investigate and contain cybersecurity issues.
  • Coordinate workstreams across teams such as Forensics and Cyber Threat Hunting.
  • Document cases thoroughly, including analysis findings and incident causes.

Skills

Incident Response
Network Protocols
Cybersecurity Methodologies
Security Monitoring
Log Analysis

Education

Bachelor's Degree in relevant fields

Tools

Splunk
Wireshark

Job description

Cyber Incident Response Lead - Advanced Response Team (Remote)
  • Full-time
  • Employee Status: Regular
  • Role Type: Hybrid
  • Job Posting - Salary Range: $133,109 - $239,596
  • Flexible Time Off: 20 Days
  • Schedule: Full Time
  • Shift: Day Shift

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com

As a member of Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC), you will respond to, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Center according to Experian's Incident Response Plan. You will join a growing team of advanced responders to support escalations of complex security incidents from 24x7 security monitoring. Your role involves analyzing threats targeting Experian information assets, working with end-users, technical support teams, and management to ensure remediation and recovery.

You will report to the Senior Manager, Global Incident Response.

Responsibilities:

  1. Conduct advanced incident response activities to investigate and contain cybersecurity issues.
  2. Coordinate workstreams across teams such as Forensics and Cyber Threat Hunting, providing the timeline of attacker activity for containment and remediation.
  3. Respond to security events and alerts related to threats, intrusions, or compromises per applicable SLOs.
  4. Manage multiple security incident cases through all response phases: Analysis, Containment, Eradication, Recovery, and Lessons Learned.
  5. Document cases thoroughly, including analysis findings, containment steps, and incident causes.
  6. Maintain caseloads and ensure incidents progress through each IR lifecycle phase.
  7. Understand common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking concepts (Firewalls, Proxies).
  8. Analyze device and application logs (from sources like Firewalls, Web Servers, Splunk) to identify root causes and next steps.
  9. Mentor analysts and provide advanced support (e.g., log review, IP blocking).
  10. Contribute to the security strategy and overall direction of the CFC.

Your background:

  1. Bachelor's Degree in relevant fields or 8+ years experience in Security Operations Centers or Cybersecurity Incident Response Teams.
  2. Knowledge of Incident Response and investigative methodologies.
  3. Proficiency in network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, and network topologies.
  4. Experience with SIEMs, packet capture tools, and network analysis tools such as Splunk, Wireshark.
  5. Experience with security monitoring applications like SIEM (Splunk), EDR (CrowdStrike Falcon, FireEye HX), WAF, IPS.
  6. Knowledge of cyber-attack TTPs and intrusion methods.
  7. At least one relevant certification (e.g., GCIH, CEH, GIAC GNFA, CNFE).
  8. Security management certification (e.g., CISSP, CISM) or willingness to obtain one within two years.
  9. Availability for on-call work outside normal hours as needed.

Our compensation package includes a competitive salary, bonuses, core benefits (medical, dental, vision, 401K), and flexible work arrangements. We value diversity and inclusion, and are committed to equal opportunity employment. If accommodations are needed, please inform us at the earliest opportunity.
