Senior Cyber Defense Incident Responder

• In this role, as an incident commander, you will be a decision maker during a major incident.
• The role will have a focus on aspects of investigations.
• Evaluates and ensures the resolution of technically sophisticated security issues, internal control issues, critical incidents and/or crisis resolution management
• Managing security incidents related to internal applications and infrastructure
• Delegating tasks within the CSOC and collecting pertinent information from various data sources to support an investigation
• Partnering with internal teams such as Digital Command Center, DBRT, Privacy and legal as part of the greater Incident response process
• Maintain knowledge of applicable Security Operations policies, regulations, and compliance documents specifically related to security
• Establish and maintain relationships with the suppliers, vendors, and partners with federal agencies along with the overall information security industry
• Provide actionable intelligence through written and verbal products to a diverse audience, including business partners, senior leaders, and security analysts

• A minimum of 6 years of Information Security/ IT Risk Management/IT experience with growing technical responsibilities
• Solid technical understanding of applications is required (ex. SAP, SalesForce, etc.)
• Good understanding of malware families, types, and ability to analyse event data generated by anomalies.
• A solid grasp of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity is required
• Good interpersonal, verbal, and written communication skills are required
• Fluent English (B2+)
• Experience working with virtual, global teams - including diverse groups of people with wide-ranging backgrounds and cultural experience is preferred
• An ability to obtain and maintain a security clearance is required

• Experience with structured analysis techniques (Diamond Model, Cyber Kill Chain) as well as a demonstrable understanding of the MITRE ATT&CK framework is preferred
• Experience with common operating systems, services, networking protocols, logging, attacker techniques and tools is preferred
• Security certifications such as CISSP, SANS GIAC CTI, GCFA, GNFA are preferred
• At least 2 years of security operations experience is preferred
• High rate understanding of cloud technologies/services (Virtual Private/Hybrid Cloud, SaaS, IaaS, PaaS, DBaaS) and the appropriate logging, controls and processes to secure them is preferred

• Contract of employment
• Yearly bonus 16%
• International working environment (+ business travels from time to time)
• Medical, sport, insurance and cultural benefits packages
• English lessons
• Hybrid working model (3 days office, 2 days remote/week)
• Company car or car allowance

Jobs.pl