Cyber Incident Response Lead (Remote)

Job Location: USA
Monthly Salary: Not Disclosed
Vacancy: 1

Job Description

As a member of Experian's Global Security Office (EGSO)/Cyber Fusion Center (CFC), you will respond to, contain, escalate, investigate, and coordinate mitigation of security events relating to anomalies detected and escalated by the Cyber Fusion Center, according to Experian's Incident Response Plan. As an individual contributor, you will join a growing team of specialized advanced responders to support escalations of complex and prioritized matters from Experian's existing 24x7 security monitoring and response functions. You will work with end-users, technical support teams, and management to ensure remediation and recovery from these threats.

You will report to the Senior Manager, Global Incident Response. You will have a regular Monday to Friday schedule, with the expectation to participate in an on-call schedule or work outside of normal work hours to respond to cybersecurity incidents.

You'll have the opportunity to:

  • Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters.
  • Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and explain the CFC's overall understanding of the timeline of attacker activity.
  • Respond to cybersecurity events and alerts associated with threats, intrusions, or compromises per any applicable SLOs.
  • Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
  • Coordinate successful conclusion of security incidents according to Process & Procedures, and escalate severe incidents according to Experian's Incident Response Plan.
  • Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident.
  • Maintain assigned caseload and move incidents through each phase of the IR Lifecycle, handing off cases as needed for progress.
  • Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), Cloud Security investigations and response tools, and Networking (Firewalls, Proxies).
  • Interpret device and application logs from a variety of sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify the root cause and determine the next steps for containment, eradication, and recovery.
  • Support overall direction for the CFC and provide input to the security strategy.
  • Mentor and provide advanced support to analysts (log review, IP block questions).

Qualifications:

Your background:

  • 8 years of experience working within cybersecurity or information technology roles, at least 4 of which include working as an investigator, analyst, or leader in a Cyber Incident Response Team.
  • Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field. 11 years of experience working within a Security Operations Center or Incident Response Team, or law enforcement or military experience, may be accepted in lieu of this requirement.
  • Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure and network topologies (DMZ, VPN, WAN), and network technologies (WAF, IPS, Routers, or Firewalls).
  • Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK).
  • Skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (MDE), Tanium, WAF, and IPS.
  • Preference for candidates to have at least one certification involving incident response, ethical hacking, or cyber security (GCIH, E CEH, E CIH) or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE)).
  • Hold one Security Management certification (ISC2 CISSP, CISM) or obtain such certification within the first two years as a Cyber Incident Response Lead.
  • Preference for candidates based in Mountain or Pacific Time Zone. Candidates in other U.S. time zones will also be considered.

Employment Type: Remote