Cyber Security Incident Coordinator
San José Infra / Networks / Telecom
Job Description:
Job Summary:
The SIRCC (Security Incident Response Control Center) Incident Coordinator position will serve as the in-region coordinator for all DXC cyber security incidents. Each follow-the-sun region will have a coordinator who will function in the incident coordination role in cooperation with the coordinators in the other regions. Security incidents will be handed off between coordinators as regions go offline and come online for their normal working hours, to ensure continuity of the incident response process. Coordinator tasks consist of reviewing the work of, and consulting with, the SIRCC analysts to ensure that a given security incident is being handled in an appropriate and expeditious manner according to its severity and risk.
Detailed Responsibilities:
The incident coordinator is responsible for ensuring that timely and appropriate processes are assigned to, and progressing as needed for, a given security incident, in coordination with the other regional incident coordinators.
These responsibilities include:
· Serving as the subject matter expert in cyber security incident handling for the team.
· Ensuring that security incidents are prioritized correctly and handled in a manner reflecting their priority.
· Ensuring tasks necessary to the verification, mitigation, remediation and reporting of security incidents are assigned to SIRCC analysts and progressing in a satisfactory manner.
· Ensuring higher priority incidents continue to progress as regions go offline and come online in the follow-the-sun model, in coordination with other regional incident coordinators.
· Ensuring the handoff of incident response activity from the regional shift before and after the region of responsibility.
· Ensuring the appropriate incident escalations and reporting are taking place in accordance with established policy and process guidance.
Key Responsibilities:
· On-call duties for escalation of Security Incidents
· Responsible for peer review, final approval, and delivery of significant incident reports (e.g. Root Cause Analyses), management briefings, and incident updates
· Take the lead in management and technical update meetings during significant incidents, delegate tasks to the SIRCC tier 1,2 and 3 analyst team members, to other security teams, and to other business units.
· Define the meeting timeframes and scheduling for all update briefings.
· Document action items carried out by the Incident Coordination team
· If required, task the SIRCC tier 1, 2 and 3 team members to complete additional incident-related actions outside of meetings
· Liaise with tier 1, 2 and 3 SIRCC Analysts to ensure that SIRCC action items are being actioned correctly, and provide guidance where necessary to facilitate the completion of such tasks
· Peer review and release of management alerts notifications.
· Use intelligence sources to proactively investigate the environment for threats and real or potential security breaches
· During incidents, lead reactive intelligence analysis, and once a basic methodology is established, hand over ongoing tasks to the SIRCC tier 2 and 3 team for continued analysis.
· Peer review results of the SIRCC tier 2 and 3 team analysis of intelligence (e.g. correlation of logs from multiple tools)
· Liaise with other Incident Coordinators to allocate daily and longer term tasks between different coordinators
· Own security tools used by SIRCC and contribute to their strategic development
· Ongoing mentoring of tier 1, 2 and 3 SIRCC staff
· Implementation and management of minor SIRCC projects, and development and documentation of initial draft of project-related processes
· Liaise with SIRCC Manager to completely develop and implement new processes as required
· Work with the SIRCC Manager to develop acceptance criteria, SLAs, processes, and procedures as required for new tasks and processes being assigned to the SIRCC team by management
Education:
Bachelor’s degree in computer science, information security or a related discipline. This requirement may be waived if the candidate has significant documented experience (3+ years) in an incident handling capacity or (5+ years) in a cyber security role.
Basic Technical Requirements:
Candidates will have a minimum of three years’ experience in an Information Security (IS) role, or two years in an IS Incident Response role, with the relevant qualifications. Applicants should have strong familiarity with IS tools and industry best practices, including but not limited to IPS, malware behavioural analysis and/or tools, vulnerability assessment tools, and system security hardening or configuration.
Preference will be given to candidates with extensive IS Incident Response experience and with cross discipline experience in additional areas of IT, such as Network and Server Administration.
Applicants for this role must have the following skills and be able to illustrate at least two years of experience with each:
· The ability to coordinate the multiple actions necessary for effective cyber security incident response between SIRCC analysts and according to their abilities.
· The ability to develop new processes quickly in response to changes in business requirements and the Information Security landscape.
· In-depth understanding of TCP, IP, and other lower-level network protocols, as well as common higher-level protocols such as HTTP, HTTPS, SMTP, FTP, and others. The ability to conduct in-depth analysis of network traffic and packet captures.
· Strong familiarity with network security devices, including firewalls, Intrusion Detection/Prevention Systems, proxies, switches, routers, and others. Understanding of modern network operating systems, how they communicate, and in particular familiarity with the Microsoft Windows line of Operating Systems.
· Understanding of anti-malware and advanced endpoint protection products and their enterprise environment application.
· Solid knowledge about common types of Information Security threats, such as buffer overflows, cross site scripting, SQL injection, phishing, and other techniques used to compromise security.
· The ability to perform in-depth analysis of log files from multiple devices and environments and identify indicators of security threats.
· Familiarity with Information Security best practices and procedures, including the investigative process.
· The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.
Basic Skills:
· Strong verbal and written English skills, in particular the ability to communicate clearly in writing with correct spelling, grammar, sentence structure, and style.
· Experience writing formal documents and reports for a management or academic target audience.
· The ability to communicate effectively with all levels of management, up to and including executive level management.
· The ability to think flexibly “outside the box,” and to communicate clearly while under pressure.
Desirable Skills:
Skills that are highly desirable but not a pre-requisite for this role are:
· Bachelor’s Degree in Information Security or a related discipline, or any of the following or similar related certifications: CCNA, CEH, OSCP, OPST, eCPTT, GCIH, GCIA or GSEC.
· Understanding of the requirements for security audit processes/frameworks, such as SOX, SAS70, or ISO27001.
· Understanding of, and experience using, Unix-style operating systems, such as Solaris, Linux, or BSD.
· Understanding of, and some experience with, programming languages such as Python, Perl, Java or C++.
· Experience with gathering Open Source Intelligence (OSINT).
· Current or recent experience working with enterprise level anti-malware or advanced endpoint protection packages.
· Experience with Operating System security, administration, and logging in an enterprise environment.
· Previous experience with process and procedure development.
· Experience dealing with cybercrime and working in an environment that requires an investigative response when handling computer-based electronic evidence.
· Experience with HIPAA, GDPR, various privacy regulations and the European Workers Councils.
DXC Technology is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company’s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC is recognized among the best corporate citizens globally.