Lead the analysis, triage, containment, and remediation of escalated security incidents following P&G’s cyber security incident response plan.
Perform deep dive investigations from start to finish of a security incident using data from disparate sources such as SIEM, internal and external threat intelligence, and host and network-based security tools.
Provide expert support to our stakeholders, especially the information security leaders from different organizational units, to resolve cyber security incidents.
Collect intrusion artifacts and perform forensically sound collection of images in aid of investigating and resolving cyber security incidents.
Perform introspection of incidents to document, publish and share after-action learnings, improve awareness, and strengthen our security posture to prevent similar security incidents from recurring.
Be the escalation point for complex incidents that SOC L1 and L2 analysts are unable to resolve independently.
Help in the continuous development, drive awareness of and improve the Cyber Security Response processes and procedures, ensuring timely and effective response to detected cybersecurity incidents.
Assist in evaluating the SOC’s performance by completing quarterly quality reviews.
Requirements
Can work independently and as part of a team to resolve incidents and develop solutions for the future.
Works cross-functionally across different organizations and geographical locations.
Is meticulous and analytical in nature, with strong problem-solving skills.
Operates effectively and calmly in high-stress situations.
Possesses strong leadership skills with the ability to communicate effectively with key customers including Senior Management.
Articulates security events in a concise and understandable manner.
We offer
Bachelor’s degree in software engineering, computer science, information technology, cybersecurity, or relevant related experience.
At least 5 years of experience related to Digital Forensics and Incident Response (DFIR) or Security Operations Center (SOC).
Intermediate/advanced knowledge of different cybersecurity tools, including but not limited to EDR, SIEM, network proxies and firewalls, and Security Orchestration, Automation and Response (SOAR).
Experience with forensics tooling (Axiom, EnCase, Wireshark, Cellebrite, etc.).