To support the Cyber Defence incident management service, our client is looking for an Incident Response expert who would coordinate activities to ensure that the company's responses to cyber threats are robust, up-to-date and regularly tested.
The Information Security Strategy of our organization commits to deliver upon four objectives:
- enable the extended enterprise;
- counter cybercrime;
- protect our information systems;
- manage security risks.
Consequently, the vision of the “Global Security Cyber Defence” team is to support the Counter cybercrime objective and respond to unauthorized cyber activity. This is to be done by providing the following services:
- Proactive: support and intelligence to help prepare and secure bank systems in anticipation of cyber-attacks, where threat management ensures collection, assessment and sharing of threat information.
- Reactive: triggered by a request, incident or event identified by an intrusion detection system or reported by a human.
- Define and test response scenarios:
  - Assess the threat landscape and prescribe response actions. This will be done in collaboration with the Threat Management and SMC teams.
  - Create a comprehensive set of structured response scenarios, including clear procedures for communication, containment, mitigation, recovery and restoration.
  - Review and assess existing response scenarios to determine their suitability relative to a changing threat landscape.
  - Monitor and classify the third-party (hosting, cloud, vendor, etc.) landscape to ensure third-party response controls are effective.
  - Ensure all roles are defined and clear for all parties for each response.
  - Plan and coordinate tests of incident response scenarios.
  - Collect feedback on what worked and what didn't, and improve the scenario process.
- Manage response and follow up on mitigating actions:
  - Be part of the cyber security incident response team (CSIRT) and participate in on-call schedules.
  - During a cyber incident:
    - Perform the steps of the response scenario.
    - Select the 'best option' scenario if a response scenario does not yet exist.
    - Conduct forensics with third-party assistance.
    - Identify required improvements (lessons learned).
  - Assess the incident post-mortem analysis and identify a list of mitigating actions.
  - Continually improve the bank's response position by analysing repeatable response activity.
  - Follow up on the lists of mitigating actions.
- Working knowledge of entire TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, POP3, HTTP, FTP, and SSH.
- Good understanding of IT security technology and processes (secure networking, web infrastructure, Wintel, Unix, Linux, etc.).
- Work with various log aggregation and SIEM tools such as ArcSight or Splunk.
- Security engineering and architecture.
- Experience in working in cross-functional departments and teams.
- Practical exposure to ITIL process management.
- Languages: good French or Dutch plus fluent English.
- Team player
- Be convincing, be able to interact, collaborate, influence and manage across diverse teams on critical initiatives.
- Quick self-starter, pro-active attitude, strong time management
- Good communication and influencing skills
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Strong intuition and ability to think “outside the box”
- Attention to detail while seeing the bigger picture
- Ability to provide on-the-job training and knowledge sharing to other analysts
- Solid sense of integrity and identification with the mission.
- Ability to process large amounts of information
- Desire to script and automate repetitive parts of the job.