Job Overview: An Incident Response Lead is responsible for the daily operations and management of IR alerts/tickets, triaging, investigating, and escalating security alerts and incidents, managing IR tools and services, and supporting the overall IR program with a heavy focus on detection and response. These responsibilities are designed to support the identification of and response to cyberthreats affecting B&H systems and assets in a quick and effective manner.
Essential Responsibilities:
- Monitor and respond to security events, incidents, and service requests using established processes and tools
- Investigate the root cause, scope, impact, and remediation of security incidents
- Manage daily operations of reviewing and responding to IR alerts including but not limited to SIEM, EDR, DLP, FW, and WAF alerts.
- Lead and perform Threat Hunting operations, including during incidents, periodically, and ad hoc
- Manage technical and operational responsibilities for supporting SOC/IR tools and services (SIEM, EDR, MSSP, etc.)
- Oversee threat detection engineering development and overall security monitoring coverage
- Lead incident response activities during significant security incidents and events.
- Provide training, direction, and guidance to incident response and security analysts
- Conduct and participate in incident response training and exercises
- Upkeep and development of IR documentation
- Support the overall development of the B&H IR program
- Provide monthly reporting for the IR function.
Additional Responsibilities:
- Assist with security projects, tasks, audits, assessments, and other initiatives
- Support overall IS Security initiatives.
Specific Knowledge, Skills, and Abilities:
- Extensive knowledge of enterprise-grade IT infrastructure and operations, networking (TCP/IP, firewalls, IDS/IPS, routing, etc.), logging (syslog, auditd, Windows Event Log, Sysmon, etc.), security tooling and data (A/V, EDR, email security, vulnerability scanners, threat intel, etc.), ticketing systems (JIRA, HP Service Now, Remedy, etc.), and security principles (CIS Top 18, NIST, incident response frameworks, etc.)
- Experience with threat hunting and operating system malware analysis.
- Experience with threat detection engineering and threat modeling
- Ability to lead a collaborative team while building inter-departmental support.
- Excellent communication and writing skills.
- Strong analytical and troubleshooting skills.
- Attention to detail and curiosity to learn new skills.
- Self-starter, able to manage multiple competing priorities.
- Experience preparing and presenting incident reports
Preferred Education, Experience and Licenses:
- Minimum of 5 years of experience in IT/Cyber with at least 3 dedicated in a SOC/Incident Response Team.
- Experience leading major incident response operations and 24/7 security monitoring.
- Relevant certifications, such as CompTIA Security+, CySA+, GCIH, GSOC, GMON, CEH, SSCP, or CISSP, or equivalent work experience