Incident Response

Summary

Join Centric Software's security operations team as an Incident Response professional. This role involves managing and mitigating security incidents across the global enterprise, working closely with the Incident Response Manager. You will identify, triage, and resolve security threats, conduct post-incident analysis, and support forensic investigations. Strong cybersecurity experience with incident response is crucial, along with excellent communication skills. The ideal candidate will possess a proactive approach and the ability to work efficiently under pressure.

Requirements

• Minimum of 3-5 years of experience in cybersecurity, with a strong emphasis on incident response
• Familiarity with common security incident response methodologies and cyber-attack vectors (e.g., ransomware, phishing, malware, DDoS)
• Experience working with security tools such as SIEM, IDS/IPS, firewalls, endpoint protection, and forensic analysis software
• Strong written and verbal communication skills, with the ability to convey technical issues clearly to non-technical stakeholders
• Ability to think critically and act swiftly in high-pressure situations to mitigate the impact of security incidents
• Ability to engage with internal teams and external customers to provide updates and support during high-severity incidents

Responsibilities

• Support in the identification and classification of security incidents, evaluating potential impact and severity to determine the appropriate response actions
• Support the Incident Response Manager in the containment, investigation, and resolution of security incidents
• Work closely with cross-functional teams to manage security events throughout the lifecycle
• Collaborate in conducting post-incident analysis to determine the root cause of security breaches and assist in the implementation of measures to prevent future incidents
• Support forensic investigations by collecting and analyzing digital evidence, ensuring proper preservation, and contributing to incident reports
• Maintain accurate and detailed documentation of security incidents, including incident timelines, actions taken, and impact assessments
• Utilize security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, endpoint protection) to detect and respond to incidents
• Communicate effectively with both technical and non-technical teams to provide updates and report on the status of security incidents
• Assist in conducting training sessions to raise awareness about security best practices and incident response procedures within the organization
• Support the management of third-party tools and vendors used in incident response efforts to ensure their effectiveness and proper integration
• Ensure that incident response efforts comply with relevant legal, regulatory, and contractual requirements

Preferred Qualifications

• Industry certifications such as CISSP, CISM, GIAC (GCIH), or other relevant cybersecurity credentials
• Experience with forensic tools like EnCase, FTK, Autopsy, Magnet Axiom, or X-Ways
• Ability to analyze disk images, memory dumps, and logs to extract evidence
• Understanding of data recovery techniques and chain-of-custody procedures
• Proficiency in managing security incidents, including detection, containment, eradication, and recovery
• Familiarity with EDR/XDR tools like CrowdStrike, SentinelOne, or Carbon Black
• Experience with SIEM systems such as Exabeam, Splunk, ArcSight, or QRadar for log analysis and correlation
• Knowledge of reverse engineering and analyzing malicious code
• Familiarity with tools like IDA Pro, Ghidra, or OllyDbg
• Strong understanding of TCP/IP, DNS, and other networking protocols
• Experience with Windows, Linux, and macOS forensics
• Ability to perform packet analysis using tools like Wireshark
• Proficiency in Python, PowerShell, or Bash for automating forensic or incident response tasks
• GIAC Certified Forensic Analyst (GCFA)
• EnCase Certified Examiner (EnCE)
• Magnet Certified Forensics Examiner (MCFE)
• Certified Hacking Forensics Investigator (CHFI)
• GIAC Certified Incident Handler (GCIH)
• CompTIA Cybersecurity Analyst (CySA+)
• Certified Information Systems Security Professional (CISSP)
• GIAC Reverse Engineering Malware (GREM) for malware analysis
• Offensive Security Certified Professional (OSCP) to understand adversarial tactics