Cyber Incident Response Lead - Advanced Response Team (Remote)
* Full-time
* Employee Status: Regular
* Role Type: Hybrid
* Job Posting - Salary Range: $129,232 - $232,617
* Flexible Time Off: 20 Days
* Schedule: Full Time
* Shift: Day Shift
Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software.
As a member of Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC), you will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Center according to Experian's Incident Response Plan. You will work with end-users, technical support teams, and management to ensure remediation and recovery from these threats.
You will report to the CFC Senior Director of Incident Management and Security Operations.
You'll have the opportunity to:
* Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters
* Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and hold responsibility for explaining the CFC's overall understanding of the timeline of attacker activity
* Respond to cyber security events and alerts associated with threats, intrusions, or compromises per any applicable SLOs
* Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned
* Coordinate successful conclusion of security incidents according to Process & Procedures, and escalate severe incidents according to Experian's Incident Response Plan
* Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident
* Maintain assigned caseload and move incidents through each phase of the IR Lifecycle
* Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies)
* Interpret device and application logs from a variety of sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures)
* Mentor and provide advanced support to analysts
* Support overall direction for the CFC and input to the security strategy
Your background:
* Bachelor's Degree in Computer Science, Computer Engineering, Information Security, or a related field, or 8+ years of experience working within Security Operations Centers or Cyber Security Incident Response Teams
* Demonstrated knowledge of Incident Response and Investigative Methodology
* Must have knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), and network technologies (WAF, IPS, Routers, Firewalls)
* Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK)
* Exhibit skills using common Incident Response and Security Monitoring applications
* Demonstrated knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs)
* Must have at least one certification in incident response, ethical hacking, or network forensics
* Currently hold one Security Management certification (ISC2 CISSP, CISM) or obtain such certification within the first two years as a Cyber Incident Response Team Lead
* This role has a regular Monday – Friday schedule, with the candidate expected to participate in an on-call schedule or work outside of normal work hours when required to respond to cybersecurity incidents
Experian is proud to be an Equal Opportunity and Affirmative Action employer. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
#J-18808-Ljbffr