Job Description
Job Purpose
The Bank has established a Cyber Security Incident Response Process to detect and respond to security incidents and to drive timely containment and remediation of each incident.
Key Responsibilities
- Support cyber incident response actions to ensure proper assessment, containment, mitigation and documentation.
- Support cyber investigations and contribute to the handling of large- and small-scale computer security breaches.
- Handle security incident investigations and responses escalated from Tier-2 SOC Analysts.
- Provide oversight of security incident response activities performed by Tier-2 SOC Analysts.
- Proactively improve incident response playbooks to incorporate lessons learnt from past incidents, and perform deep-dive analysis of identified or known Tactics, Techniques and Procedures (TTPs) used in cyber attacks.
- Keep abreast on latest cyber security threats and vulnerabilities, in line with the changing Threat Landscape, Regulatory and Compliance requirements.
- Validate and keep current the cyber security incident response plans, playbooks and other relevant Standard Operating Procedures within the Cyber Defence Centre.
- Work closely with Service Management: Incident Management for collective response and situational awareness.
- Participate in cyber drill simulations and Table Top Exercises (TTXs).
- Utilize and adhere to the defined workflow and processes driving incident response and mitigation efforts.
- Collect supporting information and relevant artifacts in support of incident response activities.
- Escalate and hand off to team members and leadership based on defined threat and priority determination.
- Conduct technical analysis of impacted systems to determine the impact, scope, and recovery path for active and potential cyber incidents.
- Leverage forensics tools, techniques, and capabilities to support cyber incident response activities.
- Document the results of cyber threat analysis and subsequent remediation and recovery in an effective and consistent manner.
- Execute the incident response lifecycle and coordinate remediation activities throughout the Bank and its lines of business as part of cyber incident handling.
- Recommend solutions to optimize both the technical and the process/procedure aspects of the end-to-end incident lifecycle.
- Produce security incident reports.
- This position involves an on-call rostering component for escalated incidents.
Job Specification
Qualifications
(Basic Degree/Diploma, etc.)
- Bachelor's Degree or Professional Qualification in a relevant discipline (IT / Cybersecurity / Computer Science).
Professional Qualification and/or Regulatory, Licensing requirements
- Security certifications, e.g. CompTIA Security+, CISM, ECIH, etc., are preferred.
- Network certifications, e.g. CCNA, CCNP, etc., are an added advantage.
Relevant Work Experience
- Minimum 7 years of experience in IT security, preferably in a cyber incident response role within a banking environment. Leadership experience in cyber incident response and crisis management is an added advantage.
- Demonstrated experience in an enterprise-level incident response team or security operations center. Direct experience handling advanced cyber security incidents and associated incident response toolset.
- Strong working knowledge of common security tools, such as SIEM, AV, vulnerability scanners, proxies, WAF, NetFlow, IDS and forensics tools.
- Advanced technical knowledge of various operating systems, network services and applications, including a keen understanding of their logging components and capabilities.
- Strong interpersonal and leadership skills to influence and build credibility as a peer.
- Possess a demonstrated sense of urgency with the ability to perform well under significant enterprise-wide pressure.
- Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied (including executive) audiences.
Required Competencies and Skills
Competencies/Skills
(Essential to succeed in this job)
Technical/Functional skills
- 7+ years of work experience in one or more of the following roles: SOC Analyst, Security Incident Response, Cyber Threat Hunter, Cyber Crime investigations, Cyber Threat Analysis, Cyber Threat Campaign Tracking.
- Understanding of common operating systems and IT infrastructure such as Windows, Unix/Linux, Active Directory, firewalls, proxies, etc.
- Familiarity with automation concepts and proficiency in scripting languages such as Python, Perl, JavaScript, PowerShell, etc.
- Strong analytical skills and critical thinking skills.
- Effective communication skills (both written and verbal).
- Strong organization, prioritization, and rationalization skills.
Personal skills (Soft Competencies [Core/Leadership])
- Highly results-oriented and can work independently.
- Ability to build relationships and interact effectively with internal and external parties.
- Ability to plan, organize and prioritize tasks.
- Ability to work effectively as part of a team.
- Good analytical, technical, written and verbal communication skills.