Key Responsibilities:
- Responsible for all activities within the security incident response lifecycle. These activities include detection, triage, analysis, containment, recovery, and reporting.
- Provide timely detection, identification, and alerting of possible anomalous and misuse activities, and be able to distinguish them from benign activities.
- Manage and execute processes responsible for the advanced analysis of security threat intelligence (malicious code, industry events, hackers and zero-day exploits, reverse engineering malware, phishing, etc.) in order to proactively prepare for security events.
- Periodic handling of incident alerts and incident handling in order to eradicate threats.
- Responsible for data backup and recovery activities.
- Analyze alerts from various sources within the enterprise and determine possible causes of such alerts.
- Identify false positives and false negatives from alerting.
- Ongoing management and maintenance of security products used to monitor, correlate and alert.
- Responsible for liaising with internal customers and vendors in order to handle incidents and to conduct threat analysis.
- Track and communicate response status to multiple levels of the organization.
- Responsible for verification of system-level vulnerabilities (manually and through security tools).
- Bring innovation to the overall incident response lifecycle process for better management and to improve efficiencies.
- Work with the Global Information Security team to provide awareness and training to employees on security aspects in information ecosystems.

Experience Required:
- Minimum 3 years' experience of cyber security incident response handling and event management, with experience assisting in the resolution of customer escalations, incident handling and response.
- Solid understanding of information security, including vulnerability and compliance management, DLP, web application security, and emerging threats and attacks.
- Strong understanding of Windows environment security and threat mitigations.
- Strong understanding of perimeter and core infrastructure security and architectures, and knowledge of all OSI model layers.
- Understanding of OWASP security concepts and common application security risks such as XSS, XSRF, SQL injection and cookie manipulation.
- Experience with reviewing raw log files, data correlation and analysis (i.e. user and system access, application, firewall, network IDS, and system logs).
- Experience with anti-virus, intrusion detection systems, firewalls, Active Directory, vulnerability assessment tools and other security tools found in large network environments.
- Experience working with Security Information and Event Management (SIEM) solutions and MSSP vendors.
- Able to work under pressure in time-critical situations.
- Strong attention to detail in conducting incident analysis, coupled with an ability to accurately record full documentation to support the work.
- Ability to think independently and work independently or as part of a group.
- Experience working with global teams across time zones and with various cultures.
- Preferred: knowledge of Websense or Blue Coat proxies, Vontu DLP, Cisco / Sourcefire, AlgoSec, Qualys, Tripwire, UVAs.
- Preferred: CEH or another relevant security certification.
- Familiarity with OWASP Top 10, SANS Top 20, PCI and ISO 27001.
- Excellent written, verbal and organizational skills.
- Bachelor's degree in Computer Science or Engineering, or equivalent experience.