Location: Remote, USA
The Cyber Security Incident Commander is a key member of the Information Security department and reports directly to the Manager, Security Operations Team. Primary duty is to manage the response to any and all cybersecurity incidents impacting the client. This position provides hybrid work arrangements.
- Being accountable for managing response for all cybersecurity incidents that are tracked and investigated by the Security Operations team.
- Assume operational control of Incident Response resources in the event of a cybersecurity Incidents.
- Ensure alignment and sound execution of the incident resolution process, with transparent communication to stakeholders and senior management
- Able to oversee multiple investigations/incidents concurrently providing proper direction to each work stream.
- Timely reporting/updates of all cybersecurity incidents to management.
- Create knowledge, artifacts, and tools to be used during an actual cybersecurity incident.
- Regularly interact with senior management and business organizations
- Work with counterparts in other regions around the world to ensure that all cybersecurity incidents are worked upon appropriately.
- Participate in post-incident process reviews to ensure continuous improvement of operation, execution and contribute to the improvement of the incident response process based on lessons learned.
- Participate in threat analysis, review, and ensure continuous overview of the threat management process.
- 10+ years of experience working in a large technology enterprise environment
- 7+ years of experience working with cybersecurity incident response teams
- 5+ years of experience as a cybersecurity Incident Response or SOC analyst
- Hold technical cybersecurity certifications from for organizations such as SANS or ISC2
- Possess sound knowledge of business industry standard security incident response process, procedures, and life cycle.
- Good Interpersonal Skills
- Excellent oral and written communication skills
- Ability to present complex technical issues and findings to diverse audiences in both technical and non-technical parlance, both orally and in writing
- Demonstrate influence and directive control of stressful situations
- Ability to utilize interpersonal skills listed above to convey with customers and stakeholders and bring quick resolution
- Demonstrated ability to investigate ongoing situations for the potential of a security incident
- Ability to maintain incident records in support of recovery, regulatory and legal requirements
- Familiar with ITIL service management methodology.
- Prior experience in a 24x7x365 operations environment.
- Experience with electronic investigations, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis.
- Possess sound understanding of and strict adherence to digital chain of custody forms and processes.
- Experience in vendor management specific to incident response and security tools.
- Experience and/or SME knowledge of the ISO 27001, NIST 800-53, NIST CSF and PCI DSS.
- Comfortable with flexible working hours to support operations