Security Incident Response Expert

Qualifications
Education
Bachelor degree in Computer Science or Information Security would be desirable but is not essential
Certification
GIAC GCIH (SANS SEC504 GIAC GCFA (SANS FOR508
Strongly preferred: GIAC GDAT (SANS SEC599 GIAC GNFA (SANS FOR572 GIAC GCFE (SANS FOR408 GIAC GCIA (SANS SEC503 GIAC GREM (SANS FOR610
Preferred: Security infrastructure certifications
Preferred: ITIL foundation
Preferred: Offensive security certification (OSCP SEC560 CEH)
Overall work experience in the field
Demonstrated experience in performing Information security incident analysis and response > 4 years
Demonstrated experience in SOC/CSIRT > 3 years
Demonstrated experience in network / security infrastructure administration > 2 years
Demonstrated experience Linux/Windows administration > 1 years
Demonstrated experience in large and complex organisation(s) > 3 years
Demonstrated experience in usage of ticketing tools
Demonstrated onthejob experience with any of the standard commercial SIEM tools
Technical Skills / abilities
Ability to identify risks threats vulnerabilities and associated attacks that might involve: malicious code protocol/design/configuration flaws
Strong troubleshooting and analytical skills
Understanding the Internet and detailed knowledge of network protocols (Ethernet 802.11.X IP ICMP TCP UDP)
Knowledge of application/services related protocols (DNS SMTP HTTP FTP)
Knowledge of network infrastructure elements and architecture (Firewall Proxy IPS WAF)
Knowledge of current security vulnerabilities and related attack methodologies
Detailed knowledge of packet capture analysis and usage of associated tools
Detailed knowledge of log management (Syslog CEF debug levels parsing)
Knowledge of encryption algorithms digital signature mechanisms and PKI
Knowledge of scripting character manipulation and regular expressions
Personal Skills / abilities
Organized with a proven ability to prioritize workload meet deadlines and utilize time effectively
Good interpersonal and communication skills works effectively as a team player
Common sense to make efficient and acceptable decisions
Willingness to continue education and to stay up to date passionate about IT and information security
Ability to work under pressure
Ability to lookup for information and to solve unknown problems
Diplomacy when dealing with other parties
Ability to function effectively in a matrix structure
Cross cultural sensitivity flexibility
Fluent in English

As a worldleading insurance company we act for human progress by protecting what matters. With 153000 employees in 54 countries working with 105 million customers weve created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values and together were nurturing a culture of
respect for each other for our customers and the communities around us. Join AXA and youll feel like you belong are included and can thrive. Youll be able to shape the way you work and truly grow your potential as you seek out new opportunities push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

Company statement
With over 102 million customers in 56 countries AXAs strong global franchises and three lines of expertise Property & Casualty Life & Savings and Asset Management provide a distinctive business portfolio. As a company whose business is to protect people we have a responsibility to leverage our skills resources and risk expertise to build a stronger and safer society. To achieve our mission we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is settingup a Group Security practice in order to reinforce its shortterm risk reduction strategy aligned with AXA strategy & culture and based on the industry standards.
Business unit statement
To support our business strategy and digital transformation AXA is enlarging its Cyber Defense team to ensure a coordinated response to the increasing cyber security threat enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Cyber Security is to protect our stakeholders by securing our information assets managing our cyber risk and enabling business strategies in an efficient and effective way fully supported by executive leadership and underpinned by all AXA employees
Job purpose
Digital Forensics and Incident Response (DFIR) activities including assessment analysis categorization classification and investigation of cybersecurity incidents
Manage cybersecurity incidents to ensure timely containment and risk mitigation engaging with operational teams and leadership as required and according to Security Incident Management Processes
Handle potential high severity incidents autonomously during nonworking hours (on rotational oncall basis)
Collect document and analyze evidence as part of the digital forensics capability of CyberDefense and AXA CERT
Followup security incidents resolution and track updates in ticketing tool
Notify and communicate to relevant stakeholders including Group and entity CISO/CSOs
Support SOC Security Analysts and an international network of local security incident handlers from AXA entities
Perform lessons learned activities e.g. security incident reviews post mortem documentation
Contribute to the improvement of the DFIR capability including development and integration of open source and commercial tools in a dedicated forensic lab
Contribute to threat hunting activity proactively and in the context of high severity incidents
Participate in use case development and SIEM rules threshold tuning
Act as a mentor to more junior Security Incident Response Specialists support and supervise them ensure knowledge transfer within the team
Professional communications and reporting to SOC stakeholders and customers
Participate in exchanges with national and international CERT/CSIRT communities

Key responsibilities accountabilities

Security Incident Response Expert according to Security Incident Management Processes

Security Incident Reports and Lessons Learned

Communication to stakeholders

Security Incident Response documentation

Collect and document data from a variety of sources to assist incident response actions

Coordination with other teams for effective incident response

Mentor and guide the more junior Incident Forensics & Threat Intelligence Manager

Coordinate complex security incident response that require deeper background knowledge

Provide leadership guidance and deep technical expertise to deliver a professional services to customers

Continually maintain and improve technical capabilities through individual development activities Important
Required soft skills & behavioral competencies

Leadership

Creates an environment for developing and fostering leadership excellence

Effectively communicates the group vision and goals and the benefits in achieving the strategy

Recognizes potential leaders and provides them with challenging assignments/stretch goals

Takes calculated risks in decisionmaking and seeks inputs from the team / stakeholders for the same.

Creates mechanisms to recognize individual/group contribution & achievements

Can effectively mentor others to acquire this competency

Strategic Thinking

Articulates a vision develops organizational goals and strategies

Maintains a wider perspective aligns actions and contributes to the enhancement overall organizational strategy including outputs from benchmarking activities and reviews

Understands and articulates the projected direction of the organization and how changes to it might impact the group

Is aware of the trends in the external environment and key differentiators visavis competition and uses this information to anticipate how these changes would impact the organization

Problem solving

Recommends solutions relevant to the complexity scope risk and magnitude of problem

Planning

Plans up to 25 years ahead (particularly when preparing budgets and resource requirements) in accordance with the project/program portfolio to ensure its successful delivery Provides input into planning and prioritization of project activities

Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information

Forward planning required e.g. target setting and forecasting trends

Ability to manage action plans review progress and make adjustments where required

Decision making

Advises on decisions regarding strategy policy and structures

Quick to assimilate and integrate new information for informed decision making

Monitor changes in the operating environment quick to act upon potential opportunities.

Able to quickly evaluate a situation or issue and take the initiative within limits of authority.

Coaching and Mentoring

Coaching: The process of assisting individuals to set goals then supports the of the goals through establishing strategy and providing feedback insight and guidance to enable the individual to reach their fullest potential.

Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role

Interpersonal skills

Assertiveness empathy active listening

Oral communication persuasive skills