Position Objective:
The role of the candidate is to be a part of the GIS Cybersecurity team, functioning as a member of the Cyber Security Incident Response and Monitoring Team (CSIRT).
The candidate would be required to ensure that all threats/risks that could impact or have a potential impact on the AIA environment are managed and handled in a timely manner.
Roles and Responsibilities:
- Investigate and conduct triage on reported incidents and guide local business units through a variety of incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations).
- Support AIA Agencies' M365 monitoring and incident response.
- Correlate and analyze Windows, Linux and Network logs to identify Indicators of Compromise (IOCs) and perform deep-dive analysis on identified/known Tools, Techniques and Procedures (TTPs) of the cyber-attacks using multiple log sources available.
- Responsible for more advanced incident responses and investigations. Conduct root cause analysis and determine the best course of action to resolve incidents.
- Provide technical guidance to Junior Analysts.
- Drive proactive service improvements in monitoring and response playbooks, incorporating lessons learned from past incidents.
- Learn from and collaborate with our close-knit group, as well as contributing your thoughts, tools, industry news or lessons learned.
- Deliver end-to-end cyber security incident response capability.
- Deliver contextual threat metrics and reports for oversight on the threat landscape of AIA.
- Prepare, write, and present reports and briefings.
Job Requirements:
- Bachelor's Degree in Cybersecurity, Information Security, Computer Science or closely related discipline.
- A minimum of 4-6 years' experience working in Incident Response (SOC) or related fields.
- Practical experience across Cybersecurity incident lifecycle.
- Ability to learn and apply Containment, Mitigation, and Remediation concepts based on TTPs.
- Good experience and knowledge on cybersecurity incident response/ ethical hacking / forensic analysis & SIEM solutions.
- Adequate experience in handling Phishing, DLP, Malware, Web & Network attack incidents and understanding of remediation methods for specific incidents.
- Ability to handle stressful situations and think on your feet.
- Able to work in shifts (7am-4pm & 1pm-10pm).