Associate Manager Information Security Job Description: The SIC Analyst has the responsibility for triaging events and alerts from security tooling and the coordination and management of any subsequent Security Incidents. You will be a member of the leveraged Security Operations Team that delivers security services to a wide range of customers in Public Sector, Health, Defence, and Commercial Sectors. You will be responsible for the end-to-end management of the security incident life cycle, overseeing each of the relevant stages from triage through to closure, looking to identify patterns from root causes analysis and making recommendations for improvements based on trend analysis of security incidents. Regarding high severity/critical security incidents (P1 and P2), you will be responsible for managing and responding to them when they occur and expected to work closely with DXC Delivery and customer teams. Following identification of a high severity/critical security incident, you will be responsible for the execution of a Critical Security Incident Response Plan with the effective coordination of resources across DXC’s service lines and CISO team as needed to achieve a successful outcome. You will be responsible for providing security incident reports and metrics concerning security incidents and investigations to the Security Delivery Lead and customer. You will provide a professional interface when required with the customer, the delivery team, and the line management chain, thus being point of contact for operational security advice and guidance. You will also be responsible for escalations of issues as and when necessary. Roles and Responsibilities: Monitor security tooling, conduct triage and analysis of any subsequent alerts, events and/or security incidents identified. Validate, verify and report protective or countermeasure solutions, both technical and administrative. Co-ordinate and investigate Security Incidents through to completion. Work with other resolver groups to respond to and investigate security incidents. Monitor and manage functional mailboxes and respond to email enquiries from the account and clients. Monitor and manage security ticket queues. Review and raise security incidents in ticketing systems. Assist in the completion of security reporting to agreed timescales and quality. Compile and present reports using Microsoft Power Point and Excel. Provision of Critical Incident Response Report and lessons learnt to key stakeholders. Deal with legal and law enforcement-related issues as required. Periodically review security incidents to perform trend analysis, before making recommendations to the Security Delivery Lead for potential security improvements or sales opportunities. Respond to incidents as per playbooks and Security Incident Management Process. Act as an advisor to the account concerning Critical Security Advisories, responding to DXC Threat Advisories, Mod Certs, Carecert, and other emergency patching advisories. Develop and maintain a critical vulnerability management system to effectively communicate with DXC clients when a “Zero Day” vulnerability is discovered. Manage security information requests from the customer. Lead on complex and severe incidents when required and ensure that playbooks are updated or reviewed to ensure that any lessons learnt are documented and repeatable. Take responsibility for SIC processes and continually review them to ensure that they are current and up to date. Ensure that all obligations are covered off (for instance monthly reporting) to the agreed timescales and quality. Ensure that the Security Delivery Lead is informed of all relevant Security Incidents and Issues on the account. There will be a requirement that you must provide standby (on-call) cover whilst working on an agreed rota to cover high severity/critical security incidents. There may be requirements to work flexible hours when required e.g., 8am - 4pm or 10am to 6pm. Due to the nature of some of our clients, a current security clearance is preferable, or willingness to attain security clearance. Training: Ensure that you perform any mandatory training in line with Enterprise / Practice requirements and deadlines. To maintain a watching brief on threat actors and advanced persistent threats as well as continually reviewing zero-day exploits for potential issues. Enthusiasm and desire to develop your skill and knowledge base. Essential: Possess experience of handling, responding, and investigating cyber security incidents. Possess good analytical skills. Experience of log analysis. Knowledge and experience of using Protective Monitoring Tools e.g., Arc Sight, Tanium, Mc Afee, Symantec, MS Defender, Microsoft 365, AZURE, and Azure Sentinel. Threat and Vulnerability management experience: Experience of malware alert review. Experience of working in SOCS, ticketing systems, and interacting with delivery capabilities. Enthusiastic and committed approach with a track record of building strong, trusted base relationships with colleagues and stakeholders at all levels. A sound working knowledge of security best practice and legislation affecting the security role. Self-motivated and an ability to keep up to date with latest security threats and vulnerabilities and trends. Excellent communication, influencing, negotiating and engagement skills. Possess good leadership skills when interacting with account delivery teams. Sound judgement and decision-making skills, with a ‘hands on’, problem solving approach, able to remain calm under pressure and own security incidents. Ability to work to tight timescales. Ability to remain calm and focused in high pressure situations identifying business resources essential to recovery. Experience of writing procedures and reports. Ability to work as part of a team, as well as independently. Desirable: Recognized security qualification e.g., CISSP or CISM or willing towards obtaining accreditation. Security professional with proven experience within the security industry, the public sector, or armed services. Knowledge of types and sources of tools and equipment required to adequately equip an Incident Response Team. Knowledge of forensic requirements for collecting and presenting evidence. Knowledge of security tools such as Splunk and Elk.
#J-18808-Ljbffr
Reklama:
Associate Manager Information Security
320,000 zł
Associate Manager Information Security
Poland, Warmińsko-Mazurskie, Ełk,
Zmodyfikowano October 26, 2024
Opis
Szczegóły pracy:
⇐ Poprzednia praca |
Następna praca ⇒ |
Skontaktuj się z pracodawcą
320,000 zł / W ciągu roku