Cyber Security Incident Response, Incident Handler (T2) - First Data Jersey City, NJ, USA

Listing Description

As a member of First Data’s Cyber Security Incident Response Team (CSIRT), the Incident Handler will coordinate the response activities for cyber security incidents across the Global company environment. The successful candidate will focus on reviewing, triaging, analyzing, and remediating cyber security incidents. The Incident Handler is the escalation point for level one event analysts, and as such, will handle validated cyber security incidents, in accordance with the cyber security incident response process. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and will be responsible for rapid handling and mitigation of cyber security incidents.

The candidate will join a team of event analysts and incident responders, and will have an opportunity to participate in a number of Global cyber security initiatives. Successful candidates should be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues.

This position requires that the candidate be a US Citizen. The candidate should be able to travel domestically and/or internationally in support of the investigative response mission.

Understand CSIRT functions and participate in analysis, containment, and eradication of cyber security events and incidents.

Handle cyber security incidents in accordance with the incident response process.

Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application and system logs, to identify possible threats to network security.

Perform remote and onsite live response activities.

Analyze malware and/or other suspicious files/email messages.

Analyze volatile system data.

Collaborate with level one event handlers to improve prevention and detection methods.

Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function.

Maintain proper documentation and create reports.

Candidate requirements:

3-6 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments.

Experience working as part of a SOC or CSIRT team.

Bachelor’s degree in a technology field preferred.

Knowledge of the cyber security field including specific focus on the following domains: enterprise security defense, network and application penetration testing, vulnerability testing, and incident response.

Knowledge of network protocols, enterprise architecture, and common network logging functions.

Experience with log analysis, malware analysis, and forensic analysis.

Hands-on experience with security tools such as EnCase, Splunk, Tanium, and network forensic and capture tools.

Good written and verbal communications skills.

Ability to prioritize assignments and efforts in a complex work environment.

Direct working knowledge of enterprise incident management systems, such as IBM Resilient Systems.

Industry certifications such as GCIH, GREM, GCFA, GCFE, CISSP, CEH, CISA, Security+ are desirable.

Scripting and programming skills are desirable.


Listing Details

  • Citizenship: US Citizen
  • Incentives: Not Provided
  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: No Telecommute


