Incident Response Advisor
Reports to: Director of Incident Response
- Coordinate with assigned customer(s) daily and guide them through improving IR techniques, tools, and procedures.
- Refine and operationalize IR Playbooks. Teach and mentor incident handlers on the proper use of IR Playbooks.
- Conduct daily reviews of incidents to ensure proper processes were followed, including documentation and notification.
- Execute and enhance incident command and remediation workflows by developing containment plans and remediation strategies.
- Present tactical plans both orally and in written reports for customers and all involved third parties.
- Drive both technical and non-technical incident bridges to enhance incident communications.
- Ensure that defined manpower and resources are suitable to support daily IR service delivery for assigned customer(s).
- Responsible for the development of comprehensive and accurate reports and presentations for both technical and executive audiences.
- Become a subject matter expert on the network and security posture of assigned customer(s).
- Be proactively aware of security alerts and trends and make recommendations within our customers’ environments.
- Provide feedback and coaching, where appropriate, to grow incident response capabilities from a technical and analytics skills perspective.
- Other duties and responsibilities as assigned.
- Passion and enthusiasm for Cyber Security.
- 3 to 6 years' experience working in an incident response role in a cyber-security focused organization.
- Proven experience managing and conducting cyber incident response investigations in large enterprises with multiple business units and environments.
- Leadership skills with experience mentoring and leading teams of technical staff.
- Excellent consulting and technical communication skills (oral and written), including experience briefing executive management.
- Experience working with technologies such as DFIR tools, SIEM, SOAR, IDS/IPS, firewalls, EDR, and NTA/NDR.
- Experience working in a high-performance SOC team in a cyber-security focused organization and experience with an enterprise-grade SIEM platform (e.g. Exabeam, Securonix, LogRhythm, ArcSight, QRadar, McAfee).
- Understanding of different Cyber Security Frameworks and Standards, like NIST, ISO/IEC 27001, PCI DSS, HIPAA, CCTF, and MITRE ATT&CK.
- Excellent teamwork skills and a "can do, let's get it done" attitude are crucial.
- A desire to keep learning, extending your skills and pushing the boundaries of your knowledge.
- Excellent verbal and written communication skills.
- Ability to travel 20% of the time.
- CISSP, GCFA, GNFA, CCE, CCSP, CCNP-Security, or other related certification.
- College Degree in Cyber Security or Information Technology or equivalent work experience.
- Experience with digital forensics, network traffic analysis, and malware analysis.
- Elasticsearch, Logstash and Kibana (ELK) experience.
- Experience identifying weaknesses in network security architecture that are exposed during security incidents.
- Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc.
- Ability to write and understand complex regular expressions (PCRE).
- Experience with "big-data" platforms such as Hadoop, HDFS, Apache Spark, etc.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Cyber Defense Labs, LLC
Cyber Defense Labs specializes in helping clients reduce business risk BEFORE, DURING and AFTER a cyber incident. The Company provides end-to-end cybersecurity services.
Company Website: www.cyberdefenselabs.com