Cyber Incident Response Lead - Advanced Response Team Remote

As a member of Experians Global Security Office (EGSO)/Cyber Fusion Center (CFC) you will respond contain escalate investigate and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Center according to Experians Incident Response Plan. As an individual contributor this team member will join a new growing team of specialized advanced responders to support escalations of complex and prioritized matters from Experians existing 24x7 security monitoring and response functions responsible for responding to and analyzing security incidents involving threats targeting Experian information assets. You will work with endusers technical support teams and management to ensure remediation and recovery from these threats.

You will report to the CFC Senior Director of Incident Management and Security Operations.

Youll have the opportunity to:

• Conduct advanced incident response activities to investigate and contain complex or largerscale cybersecurity matters
• Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and hold responsibility for explaining the CFCs overall understanding of the timeline of attacker activity so that appropriate containment and remediation actions can be coordinated
• Respond to cyber security events and alerts associated with threats intrusions or compromises per any applicable SLOs
• Manage multiple cases related to security incidents throughout the incident response lifecycle including Analysis Containment Eradication Recovery and Lessons Learned
• Coordinate successful conclusion of security incidents according to Process & Procedures and escalate severe incidents according to Experians Incident Response Plan
• Maintain case documentation including notes analysis findings containment steps and cause for each assigned security incident
• Maintain assigned caseload and move incidents through each phase of the IR Lifecycle handing off cases as needed for progress
• Maintain an understanding of common Operating Systems (Windows Linux Mac OS) Security Technologies (AntiVirus Intrusion Prevention) and Networking (Firewalls Proxies)
• Interpret device and application logs from a variety of sources (Firewalls Proxies Web Servers System Logs Splunk Packet Captures) to identify the root cause and determine the next steps for containment eradication and recovery
• Mentor and provide advanced support to analysts (Logs review IP Block question)
• Support overall direction for the CFC and input to the security strategy

Qualifications :

Your background:

• Bachelors Degree in Computer Science Computer Engineering Information Security or a related field or 8years of experience working within Security Operations Centers or Cyber Security Incident Response Teams
• Demonstrated knowledge of Incident Response and Investigative Methodology
• Must have knowledge of network protocols (TCP/IP UDP ICMP) standard protocols (HTTP/S DNS SSH SMTP SMB) wireless networking networking infrastructure and network topologies (DMZ VPN WAN) and network technologies (WAF IPS Routers Firewalls)
• Experience with commercial and opensource SIEMs full packet capture tools and network analysis tools (Splunk Wireshark SOFELK)
• Exhibit skills using common Incident Response and Security Monitoringapplications such as SIEM (Splunk) EDR (FireEye HX CrowdStrike Falcon McAfee mVision EDR) WAF IPS
• Demonstrated knowledge of common intrusion methods and cyberattack tactics techniques and procedures (TTPs)
• Must have at least one certificationinvolving incident response ethical hacking cyber security (GCIH ECEH ECIH) or network forensics (GIAC Network Forensic Analyst (GNFA) NICCS Certified Network Forensics Examiner (CNFE))
• Currently hold one Security Management certification (ISC2 CISSP CISM) or obtain such certification within the first two years as a Cyber Incident Response Team Lead
• This role has a regular Monday Friday schedule with the candidate expected to participate in an oncall schedule or work outside of normal work hours when required to respond to cybersecurity incidents

Benefits/Perks:

• Great compensation package and bonus plan
• Core benefits including medical dental vision and matching 401K
• Flexible work environment ability to work remotely hybrid or inoffice
• Flexible time off including volunteer time off vacation sick and 12paid holidays

Additional Information :

Our uniqueness is that we celebrate yours. Experians culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI work/life balance development authenticity engagement collaboration wellness reward & recognition volunteering... the list goes on. Experians people first approach is awardwinning; Great Place To Work in 24 countries FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars) to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experians DNA and practices and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work irrespective of their gender ethnicity religion colour sexuality physical ability or age. If you have a disability or special need that requires accommodation please let us know at the earliest opportunity.

Remote Work :

Yes

Employment Type :

Fulltime