SIRCC Incident Response Manager

About The Position

Requirements

• Bachelor’s Degree in Information Security or related discipline, or any of the following or similar related certifications: CHFI, CEH, OSCP, OPST, eCPTT, GCIH, GCIA or GSEC.
• documented experience (3+ years) in an incident handling capacity or (5+ years) in a cyber security role.
• Current or recent experience working with enterprise level anti-malware or advanced endpoint protection packages.
• Experience with Operating System security, administration, and logging in an enterprise environment.
• Previous experience with process and procedure development.
• Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer based electronic evidence.
• Typically, 7-10 years of relevant work experience in industry.
• A continuous learner that stays abreast with industry knowledge and technology
• Fluent in written and verbal English
• ITIL Version 3 or above
• Security certification
• Strong analytical and critical thinking skills, with the ability to synthesize complex information.
• Excellent written and verbal communication skills, including report writing and presentation.
• Ability to learn new technologies, processes, and intelligence methodologies proactively.
• Understanding of network and endpoint security principles, as well as current threat and attack trends.
• Ability to contribute to technical deliverables and documentation for team and customer use.
• The ability to learn or develop new processes quickly in response to changes in business requirements and the Information Security landscape.
• The ability to think flexibly and “outside the box” and to communicate clearly while under pressure.
• Strong leadership and interpersonal skills, with the ability to motivate and guide a small team effectively.
• Ability to build trust and maintain positive working relationships within the team and across stakeholders.
• Ability to manage time and priorities effectively, balancing personal responsibilities with team support.
• In-depth understanding of TCP, IP, and other lower level network protocols, as well as common higher-level protocols such as HTTP, HTTPS, SMTP, POP3, FTP, and so on, and the ability to analyze captures of network traffic.
• Familiarity with network security devices, including firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, and so on.
• Understanding of modern network operating systems, how they communicate, and familiarity with the Microsoft Windows line of Operating Systems.
• Strong understanding of the malware products available on the market, how anti-malware software works, and how it is used in an Enterprise environment.
• Basic knowledge about common types of Information Security threats, such as buffer overflows, cross site scripting, SQL injection, phishing, and other techniques used to compromise security.
• Experience with gathering Open Source Intelligence (OSINT)
• The ability to perform in-depth analysis of log files from multiple different devices and environments and identify indicators of security threats.
• Familiarity with Information Security practices and procedures, including investigative processes, and requirements for security audits such as SOX, SAS70, or ISO27001, NIST MITRE frameworks.
• The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.
• Basic programming or scripting skills.
• Familiarity with SIEM, EDR platforms, and network forensics.

Responsibilities

• Perform detail analysis of events during the incident process, combining sound analytical skills with advanced knowledge of IT Security and Network Threats.
• Participate in knowledge sharing with other Senior Analysts and writing technical articles for Internal Knowledge Bases.
• Provide a containment strategy and remediation plan in order to resolve the security issue.
• Develop and maintain a strong relationship with the Client Security Teams.
• Perform other essential duties as assigned.
• Perform daily follow up on all tickets that were not resolved by Security analysts
• If a resolution for the Incident is not known or available at this point, and it is not considered to be a Major Incident, engage the relevant higher level support team.
• If the incident is believed to be a Major Incident the Strategic Incident Manager / Shift Manager needs to be notified
• Understand and utilize the RtOP process and Key Production Environment incident handling
• Provide swift and accurate reactions during an ongoing security crisis situations identifying different type IoCs establishing mitigation/remediation plans.
• Follow training plans, requirements and schedules as outlined by the Technical Supervisor.
• Complete and keep up to date with all Mandatory trainings. (Environmental Health and Safety, ITSM, Security Fundaments, Standards of Business Conduct, Standards of Personal Conduct, Internal work instructions )
• Provide out of office hours on-call support and guidance to the junior team members.
• Do deep troubleshooting within the applicable technology
• Full understanding of the Cyber Kill Chain methodology
• Escalation to Security support teams as needed.
• Alert tuning analysis proposal
• Alert suppression analysis proposal
• Provide regional security managers with up-to-date team metrics and proactively address any potential improvements or concerns related to the team.
• Tool selection and improvement proposal
• E2E ownership of all security incidents as per approved process
• Security incident tickets raised are reviewed for closure/updates within appropriate timeframes.
• Stale security incident tickets raised are reviewed for closure/updates within appropriate timeframes, prioritising incidents that are in the daily combined scrum/triage review, such as forensic REAP's.
• Always responding to a reporter of an incident with a ticket number, updates and resolution of the incident within appropriate timeframes.
• Properly risk assess all reported IT related security incidents and assign the correct priority in tickets
• To record accurately and consistently my technical analysis in Service Now - pDXC.
• To attach related emails followed by a log entry explaining the contents email that was attached.
• Always verifying handoff of an incident to any group and recording it in the ticket, including DFI, CTH, CTAC, or SIRCC Region.
• Always closing an incident explaining with some detail of the resolution and how or why that resolution was determined.
• Correctly using parent/child tickets and tasks and updating relevant tickets/tasks with the relevant information, keeping things clear and concise.
• Perform daily ticket reviews of recent incidents, identify any potential issues or gaps and address with the staff responsible.
• Identifying, taking ownership, and managing major IT security incidents that affect DXC and its clients.
• Creation/peer review of initial drafts of RCA documents for incidents handled by the SIRCC
• Perform daily ticket reviews of recent incidents, identify any potential issues or gaps and address with the staff responsible.
• Conduct meetings for collaborators and for coordinating incident-response groups: Technical meetings to manage hands-on investigation and mitigation activities; forensic meetings to review discovery and to help assess risk and damage Management meetings to keep stakeholders and managers apprised of risk and mitigation progress, and to ensure the incident handling meets business needs
• Lead investigation activities
• Ensure that reports of compromise required by regulation, contract, or policy are timely and accurate
• Develop mitigation strategies
• Assign actions, and ensure that action-items are progressing or completed; escalate issues to overcome barriers to investigation or action
• Creating reports that help inform managers and collaborators not only of incident status, but also of risks, and of how an incident may fit a pattern of attack
• Develop playbooks for various incident scenarios - e.g. Ransomware
• Follow established process with HPIM on P1 incidents and RToPs
• Send executive summaries as per the approved stakeholder matrix on all high/critical security incidents
• Support the SIRCC Analysts with queries of processes or of technical nature.
• Manage SIRCC Analysts day-to-day tasks
• Upskill and mentor SIRCC Analysts
• Assist and guide new hires through the onboarding period.

Benefits

• Health Insurance (HMO) for you and dependents upon hiring
• Life Insurance coverage from day 1 of employment
• 15 - 20 Days’ Vacation and 15 Days Sick Leave
• Expanded maternity leave up to 120 days and Maternity Benefits
• Expanded paternity leave up to 30 days
• Non-Taxable Allowance (De-minimis)
• Company-sponsored trainings upskilling, and certification
• SMART First Working Arrangements
• Healthy and Encouraging Work Environment
• Recognition and Pay for Performance Culture
• Supplemental Pay (Standby/Shift)
• Retirement Program
• Employee Assistance Program