Manager Incident Response & Forensics
Posted on May 30, 2021 by Request Technology
*We are unable to sponsor as this is a permanent full time role*
A prestigious Fortune 500 company is searching for a Manager, Incident Response & Forensics. This position will manage 20+ people on the global incident response and forensics team. This person will manage the relationship with the MSSP vendor and ensure that SLAs are being met. They will also own responsibility for all Incident Response and Forensics playbooks, procedures, and workflows.
- Provide day-to-day oversight for Incident Response and Forensics teams
- Maintain situational awareness through participation in shift-handovers and monitoring of performance metrics
- Ensure potentially critical incidents are identified, understood, and escalated to leadership in a timely way
- Ensure effective investigations through case reviews and direct mentorship of analysts
- Create and maintain skill and career development plans in collaboration with analysts
- Lead post-mortem incident reviews with analyst teams
- Manage the relationship with the MSSP vendor and ensure that SLAs are being met
- Own responsibility for all Incident Response and Forensics playbooks, procedures, and workflows
- Serve as a subject matter expert as it pertains to Incident Response processes
- Partner with the Senior Manager to identify opportunities for strategic improvement
- The ideal candidate will have 5+ years of Incident Response experience with increasing responsibility and 3-5 years' experience leading teams of 10+ contributors.
- This individual should have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.
- The individual in this position should know how to lead investigations and be willing to constructively question the investigative process being followed.
- Experience in writing both technical incident investigation reports as well as reports for senior leadership is necessary.
- Being able to manage multiple initiatives while ensuring smooth day-to-day operations is also key to success.
- Advanced incident investigation and response experience
- Strong working knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
- Moderate knowledge of SIEM technologies and use case design
- Moderate knowledge of malware operations and indicators
- Moderate knowledge of network defenses such as Firewalls, IDS/IPS, Packet Capture, Proxies
- Moderate experience with scripting
- Moderate knowledge of forensic techniques
- Moderate knowledge of audit requirements (PCI, HIPAA, SOX, etc.)
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical Hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Networking Certifications (CCNA, etc.)
- Platform Certifications (Microsoft, Linux, Solaris, etc.)