Incident Response Manager - CSIRT
Department / Functional Area: Group Information Security (GIS)
Reports to: Senior Manager, Cyber Threat Management & CSIRT, Group Information Security
Geographical Responsibilities: Global
Position Objective: The role is to be part of the GIS Cybersecurity team, working as a member of the Cyber Security Incident Response and Monitoring Team (CSIRT).
The candidate would be required to ensure that all threats/risks that could impact, or have a potential impact on, the organization's environment are responded to, managed and handled in a timely and complete manner.
Roles and Responsibilities:
-Lead Incident Response (IR) engagements and guide local business units through a variety of incidents (e.g., breaches, malware/virus outbreaks, security incidents and forensic investigations).
-Support service providers performing Cyber Security monitoring, to enhance their monitoring, triage and investigation process capabilities prior to escalation.
-Leverage the detection and response solutions in place to further assess any escalated potential incidents.
-Manage and coordinate potential incident escalations for investigation, along with any required internal or external stakeholders.
-Communicate and coordinate Cyber Security incident response actions with Business Units.
-Manage Cyber Security Incidents for the Group, within SLA.
-Partner with key service providers to support security investigations.
-Analyse Cyber Security threat intelligence, ensuring that the Group's prevention, detection and response capabilities are maximized against those new threats.
-Perform in-depth analysis of malware or other potentially malicious processes or software identified in the organization.
-Coordinate Cyber Security testing activities and provide advice on remediation.
-Develop, document and maintain SOPs and a knowledge base for cyber security services, including incident response, intelligence analysis, evidence acquisition, forensic recovery and others.
-Continuously improve knowledge of tools and best practices in Cyber Security threat monitoring and incident response.
-Prepare, write and present reports and briefings.
Financial and Non-Financial Measures:
The role would not be required to deal with any financial measure.
Timeliness and punctuality at work and delivery is expected.
Communication Requirements:
Excellent verbal and written communication skills, fluent in English.
Should have strong interpersonal skills.
Minimum Job Requirements:
-Degree in Computer Science or a related discipline.
-5+ years' experience in a hands-on technical role in Cyber Security Monitoring and Incident Response (SOC & IR).
-Ability to learn and apply Containment, Mitigation and Remediation concepts based on TTPs.
-Good experience and knowledge of cybersecurity incident response, ethical hacking, forensic analysis and SIEM solutions.
-Adequate experience in handling phishing, DLP, malware, web and network attack incidents, and an understanding of remediation methods for specific incidents.
-Experience conducting log and activity review, along with stream or packet capture, in support of intrusion analysis.
-Ability to handle stressful situations and think on one's feet, with strong decision-making skills.
-Excellent written and verbal communication skills and the ability to escalate to management in a timely manner. Experienced in multicultural virtual team management and coordination.
-Desirable technical certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA).