Cyber Incident Response Lead

Company: Experian

Offer details

Job Description

As a member of Experian's Global Security Office (EGSO) Global Cyber Incident Response Team (GCIRT), you will respond to, contain, escalate, investigate, and coordinate mitigation of security events arising from anomalies detected and escalated by the Cyber Fusion Centre (CFC), according to Experian's Incident Response Plan. You will respond to and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, and suspicious activity. You will also work with end-users, partners, technical support teams, and management to ensure remediation and recovery from these threats, and analyze data collected from endpoints, environmental logging, and a variety of other sources to maximize containment and eradication of threats while expediting recovery of the business.

You will guide the Incident Response team's SLO goals and performance, working to improve Incident Response process documentation and coordinating training of the team. You will report to the CFC Sr. Manager, Cyber Incident Response.
Responsibilities include:

The role is the detailed and repeatable execution of all operational tasks documented in the Wiki and Incident Response Plan.

- Respond to cyber security events and alerts associated with threats, intrusions, and/or compromises per SLO.
- Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
- Identify the best methods to contain, eradicate, and recover from a variety of security incidents.
- Provide recommendations to prevent incidents from recurring in the future.
- Coordinate the successful conclusion of security incidents according to process and procedures.
- Escalate severe incidents according to Experian's Incident Response Plan.
- Maintain all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
- Maintain a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies), and Security Technologies (Anti-Virus, Intrusion Prevention).
- Interpret device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify root cause and determine next steps for containment, eradication, and recovery.
- Follow all documented GCIRT guides, standards, processes, and procedures (GCIRT xWiki).
- All cases owned by an Analyst shall be well documented, observing GCIRT standards.
- Frequently participate in the CFC Weekly Lessons Learned Meetings.
- Contribute at least two (2) items to the CFC Weekly Meeting Lessons Learned per month.
- Maintain GCIRT Shift Logs for the period worked.
- Verify that Shift Logs are completed and accurate by L1 analysts.
- All assigned security incidents must be reviewed, updated, and documented at least every three (3) business days.
- Coordinate coverage for any cases which need updates while out on leave or holiday.
- Incident updates or contact with the end-user are to be done every 24 hours and documented in case notes.
- Maintain the assigned case load and move incidents through each phase of the IR Lifecycle with a goal to complete cases within 5 business days.
- Follow the case hand-off procedure, assisting other GCIRT Team Members with their caseload while they are off shift.
- Provide advanced support to other GCIRT Analysts (log review, IP block questions).
- Mentor other GCIRT analysts.
- Lead local resources to ensure the team meets SLOs and follows the Incident Response Process, Procedures & Guides.
- Work with the GCIRT team to resolve any case discrepancies or breaches of SLOs, including:
  - Unresolved GCIRT cases exceeding SLOs: assist other analysts with their cases.
  - Inactivity (no updates in more than seven (7) days): remind other analysts to follow up on their cases.
  - Ensure case documentation and phase management throughout the IR Lifecycle.
- Coordinate training of new GCIRT Analysts.
- Monitor open incidents on the GCIRT Board and make sure they are being updated and worked.

Qualifications

- Bachelor's Degree in Computer Science, Computer Engineering, Information Security or a related field.
- 6+ years of experience working within Security Operations Centers or Cyber Security Incident Response Teams.
- Cloud Incident Response experience (AWS / Azure / GCP) preferred.
- Must have at least one certification involving incident response, ethical hacking, or cyber security (e.g. GCIH, GCFR, E|CEH, E|CIH).
- Exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR), WAF, IPS.
- Demonstrate knowledge of Incident Response and Investigative Methodology.
- Hold one Security Management certification (e.g. ISC2 CISSP, CISM) or obtain one within the first two years as a Cyber Incident Response Lead.
- Must have competent English speaking, reading, and writing skills. The ability to explain technical terminology is frequently required.
- Must work well in a global, team-oriented environment.

You will have a regular Monday – Friday schedule with flexibility to work a shift schedule (including nights and weekends).
Additional Information

This is a permanent home-based role in Costa Rica. No relocation available.

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work, Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote


Source: Talent_Ppc

Built at: 2024-10-05T06:26:14.468Z