Incident Response and Forensics Security Manager
Posted on Mar 29, 2021 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent full-time role*
Prestigious Fortune 500 Company is currently seeking an Incident Response and Forensics Security Manager. The candidate will manage the Incident Response and Forensics teams within the Global Security Operations Center by way of mentoring, capacity management, and day-to-day operations oversight.
- Provide day-to-day oversight for Incident Response and Forensics teams
- Maintain situational awareness through participation in shift-handovers and monitoring of performance metrics
- Ensure potentially critical incidents are identified, understood, and escalated to leadership in a timely way
- Ensure effective investigations through case reviews and direct mentorship of analysts
- Create and maintain skill and career development plans in collaboration with analysts
- Lead post-mortem incident reviews with analyst teams
- Manage relationship with MSSP vendor and ensure that SLAs are being met
- Own responsibility for all Incident Response and Forensics playbooks, procedures, and workflows
- Serve as a subject matter expert as it pertains to Incident Response processes
- Partner with Senior Manager to identify opportunities for strategic improvement
- The ideal candidate will have 5+ years Incident Response experience with increasing responsibility and 3-5 years' experience leading teams of 10+ contributors.
- This individual should have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.
- The individual in this position should know how to lead investigations and be willing to constructively question the investigative process being followed.
- Experience in writing both technical incident investigation reports as well as reports for senior leadership is necessary.
- Being able to manage multiple initiatives while ensuring smooth day-to-day operations is also key to success.
- Advanced incident investigation and response experience
- Strong working knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
- Moderate knowledge of SIEM technologies and use case design
- Moderate knowledge of malware operations and indicators
- Moderate knowledge of network defenses such as firewalls, IDS/IPS, packet capture, proxies
- Moderate experience with scripting
- Moderate knowledge of forensic techniques
- Moderate knowledge of audit requirements (PCI, HIPAA, SOX, etc.)
Security Certifications Preferred (Including but not limited to the following):
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical Hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Networking Certifications (CCNA, etc.)
- Platform Certifications (Microsoft, Linux, Solaris, etc.)