Full-time
Employee Status: Regular
Role Type: Home
Department: Legal & Compliance
Schedule: Full Time
Shift: Day Shift
**Company Description**:
Experian is the world's leading global information services company. During life's big moments - from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers - we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we're investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
As a member of Experian's Global Security Office (EGSO) - Global Cyber Incident Response Team, (GCIRT) this individual will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Centre (CFC) according to Experian's Incident Response Plan. The member will respond and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end-users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats. Leverages analytical skills using data collected from endpoints, environmental logging, and a variety of other sources to maximize containment and eradication of threats, while expediting recovery of the business. This individual will be responsible for driving the Incident Response teams SLO Goals and performance, working to improve Incident Response process documentation, and coordinating training of team. They will be accountable for the overall Incident Response tower personnel management strategy.
This position reports to the CFC Sr. Manager Cyber Incident Response.
**Key Responsibilities Include**:
The Team Lead executes Operational Processes and Procedures as a matter of daily responsibility. The role is the detailed and repeatable execution of all operational tasks which are documented in the Wiki and Incident Response Plan.
- Respond to Security to cyber security events and alerts associated to threats, intrusions, and-or compromises per SLO.
- Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
- Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future.
- Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian's Incident Response Plan.
- Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
- Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)
- Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki). All cases owned by an Analyst shall be well documented in accordance with GCIRT standards.
- Frequently attend and participate in the CFC Weekly Lessons Learned Meetings. Contribute at least two (2) items to the CFC Weekly Meeting Lessons Learned per Month.
- Maintain GCIRT Shift Logs for period worked. Verify Shift Logs are completed and accurate by L1 analysts.
- All assigned security incidents must be reviewed, updated, and documented at least every (3) business days. Coordinate coverage for any cases which need update while out on leave or holiday.
- Incident updates or contact with end user to be done every 24 hours and documented case notes.
- Maintain assigned case load and efficiently move incidents through each phase of the IR Lifecyle with a goal to complete cases within 5 business days.
- Follow case hand-off procedure, assisting other GCIRT Team Members with their caseload while they are off shift.
- Provide Advanced Support as needed to other GCIRT Analysts (Logs review, IP Block question). Mentor other GCIRT analyst when required (process question, tool usage)
- Leads local resources to ensure team meets SLOs and follows Incident Response Process, Procedures & Playbooks.
- Supports overall direction for the GCIRT and input to the overall security strategy.
- Work with GCIRT team to resolve any case discrepancies or breach of SLOs, including:
- Unresolved GCIRT Cases exceeding SLOs and make sure to assist other analysts with their case