The Incident Response (IR) Handler is responsible for analyzing, triaging, scoping, containing, providing guidance for remediation, and determining root cause of security incidents. The Incident Response Handler uses data analysis, threat intelligence, and cutting-edge security technologies.
Operates as the Senior Incident Handler for cyber incident response activities and security operations.
Strong knowledge of best Incident Response practices to include analysis, containment, and eradication of cyber security threats and risks.
Conducts malware analysis and determination of Indicators of Compromise (IOCs) to evaluate incident scope and potential impact to systems and data.
Leverages analytic experience to effectively conduct risk assessments across various platforms and infrastructure, reducing risk to organizational assets.
Enhances workflow and processes driving incident response and mitigation efforts, including leading cyber exercises and training activities.
Leads the Incident Response Lifecycle to drive threat remediation and identify strategic countermeasures improving future defenses and vulnerability management processes.
Competent in modern Threat Hunting and Digital Forensics techniques, tools, and capabilities to support Cyber Incident Response activities and investigations.
Min. 5 - 7 years’ experience working as a member of a dedicated Incident Response (IR), Computer Emergency Response Team (CERT), or similar cybersecurity operations and response unit.
Hands-on experience with leading security incident technologies such as SIEM, Anti-Malware, IDS/IPS, EDR, SOAR, Case Management, Digital Forensic, Threat Intelligence, and Malware Analysis solutions
Experience with popular information security incident response frameworks, such as International Organization for Standardization (ISO) 27001, National Institute of Standards and Technology (NIST), CIS CSC 20, etc.
In-depth knowledge and understanding of information security risk management concepts and principles
Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand and ability to effectively communicate with both non-technical and technical people
Diverse background in defensive security operations and methodologies (e.g. Cyber Kill Chain, MITRE ATT&CK, OWASP, etc.)
Systems administration and management skills across Windows, Linux, and other enterprise operating systems
Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges such as intrusion analysis and triage
Proficient in managing cyber incident response through coordinated efforts with Managed Security Service Providers (MSSP) and external security experts
Experience working in Information Security practices within the Financial Services industries and sectors to include banking, insurance, asset management, lending, and others
Working knowledge and comprehension of common Financial Services regulatory bodies and frameworks (FFIEC, SOX, GLBA, PCI-DSS, NYDFS, etc.)
Common recognized industry security certifications and credentials specific to application security and risk management (CISSP, CISM, CRISC, GIAC/SANS, GCIH, GCFE, GCFA, CISA, CERT, etc.)
Strong knowledge of modern cloud computing environments such as AWS, Azure, GCP, and related vendor security controls to include incident and threat management features
Experience with static and dynamic malware analysis along with Indicator of Compromise and threat intelligence sharing platforms (MISP, OTX, ISACs, IDA, OllyDbg, Ghidra, Cuckoo, Fiddler, etc.)
Strong communication skills across business units while working in remote operations
Documentation and diagram experience using common SDLC or security tools (Visio, VisualParadigm, Microsoft Project, etc.)