Description

Purpose:

As a member of the Cyber Incident Response Team within the global Cyber Incident Response (CIRC), you will play a key role in investigating security incidents identified through infrastructure monitoring. This includes addressing potential hacking attempts, intrusions, malware infections, information mishandling, and other security threats that could negatively impact VS&Co. You will also provide support during major incidents and investigations, as well as engage in ad-hoc threat hunting, purple teaming, tabletop activities.

Conduct investigations of security incidents, providing analysis and recommending corrective actions to address identified threatsParticipate in ad-hoc threat hunting activities to proactively identify and neutralize potential security threatsCoordinate with internal teams to support a comprehensive security response.Operate endpoint security and SIEM and EDR solutions to detect, analyse, and respond to cyber threatsServe as a focal technical lead and primary contact for complex incidents, providing hands-on investigation and supportConduct sophisticated digital forensics and malware analysis to understand the scope and nature of threatsFacilitate, document and manage root cause analysis and post-incident review process, including tracking all action items and lessons learned through to implementationLead the full incident lifecycle, from detection and triage to containment, eradication, and recovery, ensuring the timely and effective resolution of threatsFacilitate root cause analysis and post-incident reviews, documenting lessons learned and tracking action items for implementation to prevent future incidentsTrain, coach, and mentor junior incident responders, sharing knowledge and helping them develop the skills to handle complex situations independentlyIdentify opportunities to enhance the incident response program by improving detection fidelity, developing new tools, and updating incident response playbooksCommunicate effectively with management, stakeholders, and technical teams regarding Sev1 / Sev 2 incident progress and remediation effortsProactively hunt for adversaries and potential compromises within networks, even when no active incident is reported

 

Business Strategy

Possess deep functional knowledge & expertise to coach & guide associates to build process capability.Identify & develop SME talent in collaboration with the TL/Managers.

 

Relationship Management

Work closely with the respective teams. Collaborate and build strong relationship with functional teams to ensure required support for coaching, streamlining and enhancement of processes.Work with cross regional partnersVendor management

Excellent collaboration skills and the ability to influence team members00

 

VS&Co provides a range of compensation for this role as shown. Your actual salary will be determined by a number of factors, including: your specific skills and experience, geographic region, or other relevant factors.

Qualifications

Education & Skill

Bachelor’s Degree in Information Technology/Information Security or equivalent experience in technologyStrong understanding of network analysis, malware reverse engineering, digital forensics, SIEM tools (e.g., Splunk), EDR, firewalls, Active Directory, and scripting (e.g., Python)

·       Experienced with responding to major cyber incidents in a primarily Windows environment; experience with a heavily mixed Linux/Windows environment is a plus

·       Preferred someone Certified in SANS GCIH

Familiarity with cybersecurity frameworks such as NIST, MITRE ATT&CK, and ISO 27001Has used forensic analysis to investigate potential breaches with supporting detail to determine attack vectors, the scope of the incident, and affected systemsStrong leadership, communication, and problem-solving skills.Ability to work under pressure and manage multiple security priorities.

Work Expérience :

Minimum 12-15 Years of experience, Leading Cyber Incident response teamsPrior people / process / technology management experienceKnowledge of cloud technologies and cloud infrastructures such as Azure, GCP, AWS, O365Experience with conducting log analysis across different components of a typical organisation estate (e.g. OS, network, cloud)Has experience in assessment/evaluate/prioritization of Security riskUnderstanding of various security controls and how they are used to detect and mitigate riskPrior experience in negotiating and managing security-related contracts with external providers.