Cyber Incident Response Lead

As a member of Experians Global Security Office (EGSO) / Cyber Fusion Center (CFC) you will respond contain escalate investigate and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Centre (CFC) according to Experians Incident Response Plan. This team member will join a new growing team of specialized advanced responders to support escalations of complex or prioritized matters from Experians existing 24x7 security monitoring and response functions responsible for responding to and analysing security incidents involving threats targeting Experian information assets.

These threats may include phishing malware network attacks suspicious activity. Also you will involve working with endusers partners technical support teams and management to ensure remediation and recovery from these threats.Use analytics & data collected from endpoints environmental logging and a variety of other sources to maximise containment and eradication of threats while expediting recovery of the business.

Please note you will have a regular Monday Friday schedule and expectation to participate in oncall schedule or work outside of normal work hours to manage cybersecurity incidents.

You will report to the CFC Senior Director of Incident Management and Security Operations.

Main Responsibilities include:

• Conduct advanced incident response activities to investigate and  contain complex and largerscale cybersecurity matters (such as potential major severity incidents) 

• In the event of investigative matters requiring additional analytical support from teams such as Forensics and Cyber Threat Hunt workstreams across the teams and hold responsibility for expressing the CFCs overall understanding of the timeline of attacker activity so that appropriate containment and remediation actions can be coordinated 

• Respond to Security to cyber security events and alerts associated to threats intrusions and compromises per any applicable SLOs. 

• Manage multiple cases related to security incidents throughout the incident response lifecycle; including Analysis Containment Eradication Recovery and Lessons Learned. 

• Maintain case documentation including notes analysis findings containment steps and cause for each assigned security incident. 

• Maintain an understanding of common Operating Systems (Windows Linux Mac OS) Security Technologies (AntiVirus Intrusion Prevention) and Networking (Firewalls Proxies) 

• Interpret device and application logs from a variety of sources (e.g. Firewalls Proxies Web Servers System Logs Splunk Packet Captures) to identify cause and determine next steps for containment eradication and recovery. 

• Provide Advanced Support to analysts (Logs review IP Block question).Mentor other analysts (process question tool usage) 

Qualifications :

• Experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement.
• Must have knowledge of network protocols (TCP/IP UDP ICMP) standard protocols (HTTP/S DNS SSH SMTP SMB) wireless networking networking infrastructure and network topologies (DMZ VPN WAN) and network technologies (WAF IPS Routers Firewalls)
• Experience with commercial & opensource SIEMs full packet capture tools and network analysis tools (Splunk Wireshark SOFELK)
• Have a demonstrated knowledge of common intrusion methods and cyberattack tactics techniques and procedures (TTPs).
• Exhibit skills using common Incident Response and Security Monitoringapplications such as SIEM (Splunk) EDR (FireEye HX CrowdStrike Falcon McAfee mVision EDR.) WAF IPS

Additional Information :

Benefits package includes:

• Flexible work environment working hybrid or in the office if you prefer.
• Great compensation package and discretionary bonus plan
• Core benefits include pension bupa healthcare sharesave scheme and more
• 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experians DNA and practices and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work irrespective of their gender ethnicity religion colour sexuality physical ability or age. If you have a disability or special need that requires accommodation please let us know at the earliest opportunity.

Find out what its like to work for Experian by clicking here

#LIHybrid

Experian Careers Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Remote Work :

Yes

Employment Type :

Fulltime