What does a great Incident Handler do?
A great incident handler is a senior-level professional with extensive experience and expertise in handling complex and critical security incidents. They serve as part of an incident response team and are responsible for the more challenging and escalated incidents that could have a significant impact on an organization's security.
What You Will Do:
- Incident Analysis: Conducting in-depth analysis of complex security incidents to understand the scope, impact, and root cause of the incident.
- Incident Response: Leading and coordinating the response efforts to contain and remediate the incident effectively.
- Forensics: Conducting digital forensics and detailed investigations to collect evidence and identify the source and extent of the breach.
- Malware Analysis: Analyzing sophisticated malware and understanding its behavior and capabilities to develop appropriate countermeasures.
- Vulnerability Research: Staying updated with the latest security vulnerabilities and emerging threats to improve the organization's defenses proactively.
- Threat Intelligence: Utilizing threat intelligence to identify and counter potential threats targeting the organization.
- Incident Documentation: Ensuring comprehensive and accurate documentation of incident response activities, findings, and lessons learned for future reference.
- Collaboration: Working closely with other teams, such as Tier 1 and Tier 2 incident handlers, IT teams, legal, and management, to address incidents effectively.
- Security Improvement: Proposing and implementing measures to enhance the organization's security posture based on incident findings and lessons learned.
- Continuous Learning: Keeping up with the latest trends, tools, and best practices in incident handling and cybersecurity to stay effective in the role.
What You Will Need to Have:
- 5 to 8 years of professional cybersecurity incident handling experience in a Security Monitoring Center or Security Operations Center environment.
- Experience with Security Information and Event Management (SIEM) tools, including creating advanced correlation rules, SIEM administration, system hardening, and vulnerability assessments.
- Detailed understanding of network architectures and services (routing, switching, web, DNS, email).
- Perl, Python, and REST API scripting experience for automating manual review and analysis of security event data.
- Expertise in TCP/IP network traffic and event log analysis.
- Knowledge of and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, NetIQ Sentinel, or any other SIEM tool.
- Knowledge of ITIL disciplines such as Incident, Problem, and Change Management.
Education:
Bachelor's or Master's of Science in Information Security, Computer Science, Risk Management, Information Technology, Engineering, or Mathematics. Equivalent relevant experience will be considered.
What Would Be Great to Have:
- Threat hunting skills
- Reverse malware analysis
- Harvesting cyber threat intelligence
R-10358007