Incident Response Handling Manager
Posted on Oct 26, 2019 by Request Technology - Robyn Honquest
Fusion Center Incident Handling Manager
Looking for a candidate to manage over Incident handling, incident response and forensic teams.
The individual in this role will manage the Fusion Center incident handling, incident response, and forensics teams by way of mentoring, capacity management, performance management, and incident review.
Provide day-to-day oversight for incident handling, incident response, and forensic teams.
Review all incidents and participate in all shift turnover meetings.
Lead weekly incident review meetings with L2 and L3 incident handlers.
Manage relationship with MSSP vendor and ensure that SLAs are being met.
Maintain and enhance team training and career advancement plans.
Must be able to manage multiple priorities and projects at once.
Responsible for overall ownership of all incident handling, incident response, and forensics playbooks, procedures, and workflows.
Participate in weekly IH/IR and SIEM engineering calls to drive down false positives of SIEM content.
Serve as a subject matter expert as it pertains to the incident handling and incident response processes.
Possess a proactive mindset of always improving existing processes.
Develop and enhance team onboarding procedures.
The ideal candidate will have 10+ years incident handling and incident response experience. They should have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM. They should know how to lead investigations and direct incident handlers and question the investigative process being followed. They should have experience in writing both technical incident investigation reports as well as reports for senior leadership. They must be able to manage multiple initiatives at once in addition to day-to-day operations. They should have experience in managing teams of 8 or more people and providing mentorship.
In addition, the ideal candidate must have the following knowledge/experience:
Advanced incident investigation and response experience
Advanced log parsing and analysis skill sets
Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
Moderate knowledge of SIEM technologies and use case design
Moderate knowledge of malware operations and indicators
Moderate knowledge of network defenses such as Firewalls, IDS/IPS, Packet Capture, Proxies
Moderate experience with Scripting
Moderate knowledge of forensic techniques
Moderate knowledge of audit requirements (PCI, HIPPA, SOX, etc.)
Security Certifications Preferred (Including but not limited to the following):
Certified Information Systems Security Professional (CISSP)
Certified Incident Handler (GCIH)
Certified Intrusion Analyst (GIAC)
Certified Ethical hacker (CEH)
Certified Expert penetration tester (CEPT)
Networking Certifications (CCNA, etc.)