Mobily

Information Security Incident Response Professional


Riyadh, Saudi Arabia

Job Details

Type: Full Time

Post Date: 30+ days ago

Industry: Other

Job Description

Job Summary

  • Facilitate the incident management process to ensure successful integration with the other areas in Mobily security.

  • Perform investigation and escalation for complex or high severity security threats or incidents.

  • Coordinate evidence/data gathering and documentation and review security incident reports.

  • Manage security incidents from identification through remediation; receive, document, and report cyber security events.

  • Categorize incidents and implement corresponding escalation procedures; communicate and coordinate incident response efforts.

  • Perform intrusion scope and root cause analyses, assist intrusion remediation and strategy implementation.

  • Conduct daily operational update meetings for SOC staff and unscheduled situational update briefings for management.

  • Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).

  • Recommend effective process changes to enhance defense and response procedures.

  • Coordinate with IT and Network Operations to resolve high or critical severity level incidents.

  • Analyze compromised/potentially compromised systems and participate in incident response.

  • Monitor and audit malicious activity observed by or reported to the SOC.

  • Perform other duties as required by higher levels of supervision.

Skills

  • Experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT) or Computer Incident Response Team (CIRT).

  • Must have experience working with various event logging systems and must be proficient in the review of security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required – preferably at least one year’s hands-on experience with ArcSight.

  • Must have experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.

  • Strong technical understanding of network fundamentals and common Internet protocols.

  • System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.

  • Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).

  • Experience responding to security incidents in a production environment, such as investigating and remediating possible endpoint malware infections and mitigating email-borne threats such as spam and phishing.

  • Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)

  • Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)

  • Advanced knowledge of malware operation and indicators (Wireshark, Gigastor, Netwitness, etc.)

Education

Information Systems, Computer Science, or related engineering discipline.

Etihad Etisalat (Mobily) is a Saudi company launched commercially in May 2005. Mobily provides integrated services for three main sectors: individuals, businesses, and carriers. It has one of the largest wireless networks by coverage in Saudi Arabia as well as the region, and one of the widest FTTH networks, in addition to one of the largest data center systems worldwide.
