Summary
Join Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC) as a Cyber Incident Response Lead and become part of a growing team of specialized responders. You will be responsible for responding to, containing, investigating, and coordinating the mitigation of security events. Collaborate with various teams, manage multiple security incident cases throughout their lifecycle, and maintain detailed case documentation. This role requires advanced incident response activities, orchestrating workstreams, and interpreting device and application logs. You will also mentor junior analysts and contribute to the overall security strategy. The position offers a flexible work environment with opportunities for remote work.
Requirements
- 8+ years of experience working within cybersecurity or information technology roles, at least 4+ of which includes working as an investigator, analyst, or leader in a Cyber Incident Response Team
- Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field. 11+ years of experience working within a Security Operations Center, Incident Response Team, law enforcement, or military experience may be accepted in lieu of this requirement
- Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure, and network topologies (DMZ, VPN, WAN) and network technologies (WAF, IPS, Routers, or Firewalls)
- Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK)
- Exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR), WAF, IPS
- Have at least one certification involving incident response, ethical hacking, cyber security (GCIH, E CEH, E CIH), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE))
- Hold one Security Management certification (ISC2 CISSP, CISM) or obtain such certification within the first two years as a Cyber Incident Response Lead
Responsibilities
- Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters
- Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and explain the CFC's overall understanding of the timeline of attacker activity
- Respond to cybersecurity events and alerts associated with threats, intrusions, or compromises per any applicable SLOs
- Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned
- Coordinate successful conclusion of security incidents according to Process & Procedures, and escalate severe incidents according to Experian's Incident Response Plan
- Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident
- Maintain assigned caseload and move incidents through each phase of the IR Lifecycle, handing off cases as needed for progress
- Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies)
- Interpret device and application logs from a variety of sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify the root cause and determine the next steps for containment, eradication, and recovery
- Support overall direction for the CFC and input to the security strategy
- Mentor and provide advanced support to analysts (Logs review, IP Block question)
Benefits
- Great compensation package and bonus plan
- Core benefits including medical, dental, vision, and matching 401K
- Flexible work environment, ability to work remote, hybrid or in-office
- Flexible time off including volunteer time off, vacation, sick and 12-paid holidays
Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.