Reporting to the Senior Vice President – MDR Services, the Senior Incident Handler plays a key, strategic and operational role in the development, management, and continuous improvement of the IR Service. This role also serves as an escalation point for significant security incidents and must be able to perform the necessary technical and managerial tasks to summarize incident related data. The incumbent works within a team of security professionals whose core function is to perform technical analysis, document findings and recommendations, develop playbooks, provide timelines and deliver updates and other communications to audiences ranging from internal teams and executives to our new and existing customers.
Duties and responsibilities
- Coordinate and oversee response activities across IR team or directly with stakeholders to identify and remediate potential threats.
- Analyze technical information to determine impact and action plans; triage incidents and events for direct action and/or assignments.
- Stay up to date and evaluate security trends, evolving threats, risks and vulnerabilities and apply tools and subject matter expertise to evaluate the risk in the context of the enterprise to mitigate risk. Coordinate activities with other security teams including threat intelligence, penetration testers and product groups.
- Contribute to initiatives and projects to provide Incident Response perspective and subject matter expertise
- Deliver against service level agreements and develop metrics and key performance indicators to monitor and measure performance and enable efforts for continuous improvement.
- Define, lead and deliver cyber incident response processes and procedures and provide regular executive updates.
- Maintain technical documentation including standard operating procedures and incident response processes/procedures.
- Identify opportunities to automate incident response processes and optimize infrastructure security controls.
- Some after-hours responsibilities and escalations including weekends and holidays in support of incidents or other events.
- BS/BA in Computer Science or equivalent security operations experience.
- 10+ years’ experience in incident response or similar information security operations role.
- Ability to Travel on short notices (25% Travel Required)
- Maintain valid travel documents at all times
- Demonstrated leadership skills in highly dynamic complex operations
- Knowledgeable about modern security related subjects and trends
- Knowledge of security controls and incident response in a multi-platform environment including on-prem and cloud
- Demonstrated experience in security technologies (i.e., Incident case management, SIEM, SOAR, EDR, Intrusion Prevention, Digital Forensics)
- Relevant experience with Cloud Computing and technology
- Excellent written and oral communication skills
- Excellent presentation skills
- Excellent judgment, critical thinking, decision making skills in high-pressure situations
- Experience with Unix/Linux, or work relating to OS internals or file level forensics
- CISSP or related GIAC certifications
- This position is based in an office environment and follows regular business hours
- This position requires after hours on-call duties
- Some evenings and weekends will be required
- 25% of travel on short notice will be required.
- Spend long hours sitting and using computers, which can cause muscle strain
- Incident handlers