Incident Response and Handling Manager
Posted on Sep 7, 2019 by Request Technology - Craig Johnson
Prestigious Fortune 500 Company is currently seeking a Incident Response and Handling Manager. Candidate will manage the incident handling, incident response, and forensics teams by way of mentoring, capacity management, performance management, and incident review. Candidate will partner with other Security areas and the larger information security program to assist in incident investigation, collaboration, and communication.
Provide day-to-day oversight for incident handling, incident response, and forensic teams.
Review all incidents and participate in all shift turnover meetings.
Lead weekly incident review meetings with L2 and L3 incident handlers.
Manage relationship with MSSP vendor and ensure that SLAs are being met.
Maintain and enhance team training and career advancement plans.
Must be able to manage multiple priorities and projects at once.
Responsible for overall ownership of all incident handling, incident response, and forensics playbooks, procedures, and workflows.
Participate in weekly IH/IR and SIEM engineering calls to drive down false positives of SIEM content.
Serve as a subject matter expert as it pertains to the incident handling and incident response processes.
Possess a proactive mindset of always improving existing processes.
Develop and enhance team onboarding procedures.
Candidate will have 10+ years incident handling and incident response experience, and have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM. Candidate should know how to lead investigations and direct incident handlers and question the investigative process being followed. Candidate should have experience in writing both technical incident investigation reports as well as reports for senior leadership, and must be able to manage multiple initiatives at once in addition to day-to-day operations.
Advanced incident investigation and response experience
Advanced log parsing and analysis skill sets
Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
Moderate knowledge of SIEM technologies and use case design
Moderate knowledge of malware operations and indicators
Moderate knowledge of network defenses such as Firewalls, IDS/IPS, Packet Capture, Proxies
Moderate experience with Scripting
Moderate knowledge of forensic techniques
Moderate knowledge of audit requirements (PCI, HIPPA, SOX, etc.)
Security Certifications Preferred:
Certified Information Systems Security Professional (CISSP)
Certified Incident Handler (GCIH)
Certified Intrusion Analyst (GIAC)
Certified Ethical hacker (CEH)
Certified Expert penetration tester (CEPT)
Networking Certifications (CCNA, etc.)
Platform Certifications (Microsoft, Linux, Solaris, etc.)