SIRCC Incident Response Manager

DXC Technology

Job Location: Taguig - Philippines

Monthly Salary: Not Disclosed
Posted on: 5 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description:

DXC Technology is a Fortune 500 Global IT Services Leader and is ranked at 152. Our more than 130000 people in 70-plus countries are entrusted by our customers to deliver what matters most. We use the power of technology to deliver mission critical IT services that transform global businesses. We deliver excellence for our customers, colleagues and communities around the world.

Accelerate your career and reimagine the possibilities with DXC!

We inspire and take care of our people. Work in a culture that encourages innovation and where brilliant people embrace change and seize opportunities to advance their careers and amplify customer success. Leverage technology skills and deep industry knowledge to help clients. Work on transformation programs that modernize operations and drive innovation across our customers' entire IT estate using the latest technologies in cloud, applications, security, IT Outsourcing, business process outsourcing and modern workplace.


At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive. #DXCSMARTFirst

Roles and Responsibilities:

  • Perform detailed analysis of events during the incident process, combining sound analytical skills with advanced knowledge of IT Security and Network Threats.
  • Participate in knowledge sharing with other Senior Analysts and writing technical articles for Internal Knowledge Bases.
  • Provide a containment strategy and remediation plan in order to resolve the security issue.
  • Develop and maintain a strong relationship with the Client Security Teams.
  • Perform other essential duties as assigned.
  • Perform daily follow-up on all tickets that were not resolved by Security Analysts.
  • If a resolution for the Incident is not known or available at this point, and it is not considered to be a Major Incident, engage the relevant higher-level support team.
  • If the incident is believed to be a Major Incident, the Strategic Incident Manager / Shift Manager needs to be notified.
  • Understand and utilize the RtOP process and Key Production Environment incident handling.
  • Provide swift and accurate reactions during ongoing security crisis situations, identifying different types of IoCs and establishing mitigation/remediation plans.
  • Follow training plan requirements and schedules as outlined by the Technical Supervisor.
  • Complete and keep up to date with all Mandatory trainings (Environmental Health and Safety, ITSM, Security Fundamentals, Standards of Business Conduct, Standards of Personal Conduct, Internal work instructions).
  • Provide out-of-office-hours on-call support and guidance to the junior team members.
  • Do deep troubleshooting within the applicable technology.
  • Full understanding of the Cyber Kill Chain methodology.
  • Escalation to Security support teams as needed.
  • Alert tuning analysis proposal.
  • Alert suppression analysis proposal.
  • Provide regional security managers with up-to-date team metrics and proactively address any potential improvements or concerns related to the team.
  • Tool selection and improvement proposal.

Key deliverables/accountabilities:

  • E2E ownership of all security incidents as per approved process.
  • Security incident tickets raised are reviewed for closure/updates within appropriate timeframes.
  • Stale security incident tickets raised are reviewed for closure/updates within appropriate timeframes, prioritising incidents that are in the daily combined scrum/triage review, such as forensic REAPs.
  • Always responding to a reporter of an incident with a ticket number, updates and resolution of the incident within appropriate timeframes.
  • Properly risk-assess all reported IT-related security incidents and assign the correct priority in tickets.
  • To record accurately and consistently my technical analysis in ServiceNow - pDXC.
  • To attach related emails, followed by a log entry explaining the contents of the email that was attached.
  • Always verifying handoff of an incident to any group and recording it in the ticket, including DFI, CTH, CTAC or SIRCC Region.
  • Always closing an incident with some detail explaining the resolution and how or why that resolution was determined.
  • Correctly using parent/child tickets and tasks, and updating relevant tickets/tasks with the relevant information, keeping things clear and concise.
  • Perform daily ticket reviews of recent incidents, identify any potential issues or gaps, and address them with the staff responsible.
  • Identifying, taking ownership of and managing major IT security incidents that affect DXC and its clients.
  • Creation/peer review of initial drafts of RCA documents for incidents handled by the SIRCC.

  • Conduct meetings for collaborators and for coordinating incident-response groups:
      • Technical meetings to manage hands-on investigation and mitigation activities; forensic meetings to review discovery and to help assess risk and damage.
      • Management meetings to keep stakeholders and managers apprised of risk and mitigation progress, and to ensure the incident handling meets business needs.
  • Lead investigation activities.
  • Ensure that reports of compromise required by regulation, contract or policy are timely and accurate.
  • Develop mitigation strategies.
  • Assign actions and ensure that action items are progressing or completed; escalate issues to overcome barriers to investigation or action.
  • Creating reports that help inform managers and collaborators not only of incident status but also of risks and of how an incident may fit a pattern of attack.
  • Develop playbooks for various incident scenarios, e.g. Ransomware.
  • Follow established process with HPIM on P1 incidents and RToPs.
  • Send executive summaries as per the approved stakeholder matrix on all high/critical security incidents.
  • Support the SIRCC Analysts with queries of processes or of a technical nature.
  • Manage SIRCC Analysts' day-to-day tasks.
  • Upskill and mentor SIRCC Analysts.
  • Assist and guide new hires through the onboarding period.

Working relationships:

Internal:

  • Other Internal Support Teams
  • Security Officers
  • Client Capability Leads
  • Technical Owners
  • Account Support Team members
  • Technology Delivery Managers
  • Service Delivery Managers
  • Team Technology Leads
  • VP, Senior Directors, Enterprise Security and Senior Managers

External:

  • DXC Partners and Clients via DXC Account Delivery teams
  • External Computer Emergency Response Team
  • National Authorities via DXC Legal / DXC Information Security

Education and Experience Required:

  • Bachelor's Degree in Information Security or related discipline, or any of the following or similar related certifications: CHFI, CEH, OSCP, OPST, eCPTT, GCIH, GCIA or GSEC; documented experience (3 years) in an incident handling capacity or (5 years) in a cyber security role.
  • Current or recent experience working with enterprise-level anti-malware or advanced endpoint protection packages.
  • Experience with Operating System security administration and logging in an enterprise environment.
  • Previous experience with process and procedure development.
  • Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer-based electronic evidence.
  • Typically 7-10 years of relevant work experience in industry.
  • A continuous learner who stays abreast of industry knowledge and technology.

Other Qualifications/Skillsets:

  • Fluent in written and verbal English
  • ITIL Version 3 or above
  • Security certification

Personal skills and qualities:

  • Strong analytical and critical thinking skills, with the ability to synthesize complex information.
  • Excellent written and verbal communication skills, including report writing and presentation.
  • Ability to learn new technologies, processes and intelligence methodologies proactively.
  • Understanding of network and endpoint security principles, as well as current threat and attack trends.
  • Ability to contribute to technical deliverables and documentation for team and customer use.
  • The ability to learn or develop new processes quickly in response to changes in business requirements and the Information Security landscape.
  • The ability to think flexibly and outside the box, and to communicate clearly while under pressure.
  • Strong leadership and interpersonal skills, with the ability to motivate and guide a small team effectively.
  • Ability to build trust and maintain positive working relationships within the team and across stakeholders.
  • Ability to manage time and priorities effectively, balancing personal responsibilities with team support.

Technical skills:

  • In-depth understanding of TCP/IP and other lower-level network protocols, as well as common higher-level protocols such as HTTP, HTTPS, SMTP, POP3, FTP and so on, and the ability to analyze captures of network traffic.
  • Familiarity with network security devices, including firewalls, Intrusion Prevention Systems, Intrusion Detection Systems and so on.
  • Understanding of modern network operating systems and how they communicate, and familiarity with the Microsoft Windows line of Operating Systems.
  • Strong understanding of the malware products available on the market, how anti-malware software works and how it is used in an Enterprise environment.
  • Basic knowledge about common types of Information Security threats, such as buffer overflows, cross-site scripting, SQL injection, phishing and other techniques used to compromise security.
  • Experience with gathering Open Source Intelligence (OSINT).
  • The ability to perform in-depth analysis of log files from multiple different devices and environments and identify indicators of security threats.
  • Familiarity with Information Security practices and procedures, including investigative processes and requirements for security audits such as SOX, SAS70 or ISO27001, and the NIST and MITRE frameworks.
  • The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.
  • Basic programming or scripting skills.
  • Familiarity with SIEM and EDR platforms and network forensics.

What awaits you in DXC:

  • Health Insurance (HMO) for you and dependents upon hiring
  • Life Insurance coverage from day 1 of employment
  • 15 - 20 Days Vacation and 15 Days Sick Leave
  • Expanded maternity leave up to 120 days and Maternity Benefits
  • Expanded paternity leave up to 30 days
  • Non-Taxable Allowance (De-minimis)
  • Company-sponsored trainings, upskilling and certification
  • SMART First Working Arrangements
  • Healthy and Encouraging Work Environment
  • Recognition and Pay for Performance Culture
  • Supplemental Pay (Standby/Shift)
  • Retirement Program
  • Employee Assistance Program

If you are motivated to deliver excellent results, want to grow your career and make a difference, come join us.

We are DXC.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our information on employment scams is available here.


Required Experience:

Manager

About Company

Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology boasts a long and proud history of innovation, service and value. In 1959, computer analysts Roy Nutt and Fletcher Jones pooled $100 to form CSC, providing computer manufac ...