SIRCC Incident Coordinator

  • Heredia, COSTA RICA

Job description

DXC Technology (NYSE: DXC) is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company’s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.technology.

Job Description:

·  The position reports to the SIRCC Manager and is located in a follow-the-sun 24x7 operations environment, working alongside team members and shift workers in other locations.
·  Analyze and perform risk assessments on the potential impact to the business of security events/incidents.
·  Coordinate the response to security incidents by the technical groups within the business, including communication with subject matter experts and between business units, directing technical resources, following up on tasks assigned by management to business units, and working with technical resources to complete actions if required.
·  Work with the SIRCC Manager to develop acceptance criteria, SLAs, processes, and procedures as required for new tasks and processes being assigned to the SIRCC team by management.

Job Summary:

·  Work directly with and support the Tier 1 and Tier 2 Analysts as the first point of contact for all DXC internal Security Incidents.
·  Take the lead in management and technical update meetings during significant incidents; delegate tasks to the SIRCC level 1 and 2 team members, to other security teams, and to other business units.
·  When needed, task the SIRCC level 1 and 2 teams to complete additional incident-related actions outside of meetings.
·  Define the meeting timeframes and scheduling for all incident update briefings.
·  Document action items carried out by the Incident Coordination team.
·  Responsible for peer review, final approval, and delivery of significant incident reports (e.g. Root Cause Analyses), management briefings, and incident updates.
·  Ongoing mentoring of level 1 and level 2 SIRCC staff.
·  Liaise with level 1 and 2 SIRCC Analysts to ensure that SIRCC action items are being actioned correctly, and provide guidance where necessary to facilitate the completion of such tasks.

Detailed responsibilities:

·  On-call duties for escalation of Security Incidents.
·  Peer review and release of management alert notifications.
·  Use intelligence sources to proactively investigate the environment for threats and real or potential security breaches.
·  During incidents, lead reactive intelligence analysis and, once a basic methodology is established, hand over ongoing tasks to the SIRCC Level 2 team for continued analysis.
·  Peer review results of the SIRCC Level 2 team analysis of intelligence (e.g. correlation of logs from multiple tools).
·  Liaise with other Incident Coordinators to allocate daily and longer-term tasks between different coordinators.
·  Own security tools used by SIRCC and contribute to their strategic development.
·  Implementation and management of minor SIRCC projects, and development and documentation of the initial draft of project-related processes.
·  Analyze and perform risk assessments on the potential impact to the business of security events/incidents.
·  Ensure that significant security incidents are reported clearly and concisely, and managed in a reasonable time frame.
·  Initial monitoring and analysis of the output from security devices such as IPS, malware alerts, firewall logs, proxy logs, system logs, and so on.
·  Perform behavioral analysis of malware samples in a controlled environment, document the results, and provide the samples and documentation to a reverse engineering team.
·  Compile, review, and submit incident reports for final peer and management review, prior to release to the business.
·  Research new vulnerabilities and security threats reported by external security entities; perform and document risk assessments as to the potential impact of said vulnerabilities and threats to the business. Communicate this information to management and other business units as appropriate.
·  Contribute to existing process and procedure documentation, and assist in creating new process and procedure documentation in response to dynamically changing threats, information security landscapes, and business requirements.

Required education:

Bachelor's Degree in Information Security or related discipline, or any of the following or similar related certifications: CCNA, CEH, OSCP, OPST, eCPTT, GCIH or GSEC.

Basic technical requirements:

·  Experience with gathering Open Source Intelligence (OSINT).
·  Experience with Operating System security, administration, and logging in an enterprise environment.
·  In-depth understanding of TCP, IP, and other lower level network protocols, as well as common higher level protocols such as HTTP, HTTPS, SMTP, POP3, FTP, and so on, and the ability to analyze captures of network traffic.
·  Strong familiarity with network security devices, including firewalls, Intrusion Detection/Prevention Systems, proxies, switches, routers, and others. Understanding of modern network operating systems, how they communicate, and in particular familiarity with the Microsoft Windows line of Operating Systems.
·  Current or recent experience working with enterprise level anti-malware or advanced endpoint protection packages.
·  Solid knowledge about common types of Information Security threats, such as buffer overflows, cross site scripting, SQL injection, phishing, and other techniques used to compromise security.
·  The ability to perform analysis of log files from multiple different devices and environments, and identify indicators of security threats.
·  Familiarity with Information Security practices and procedures, including investigative processes, and requirements for security audits such as SOX, SAS70, or ISO27001.

Basic skills (non-technical):

·  Previous experience with process and procedure development.
·  Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer based electronic evidence.
·  Strong verbal and written English skills, in particular the ability to communicate clearly in writing with correct spelling, grammar, sentence structure, and style.
·  Experience writing formal documents and reports for a management or academic target audience.
·  The ability to communicate effectively with all levels of management, up to and including executive level management.
·  The ability to develop new processes quickly in response to changes in business requirements and the Information Security landscape.
·  The ability to perform in depth analysis of log files from multiple devices and environments, and identify indicators of security threats.
·  Familiarity with Information Security best practices and procedures, including the investigative process.
·  The ability to think flexibly “outside the box,” and to communicate clearly while under pressure.
·  The ability to perform independent research and analysis of security threats and issues using various available resources, and to document and report on the results.

Desired technical requirements (a plus, but not a must for candidates to be considered):

·  Understanding of the requirements for security audit processes/frameworks, such as SOX, SAS70, or ISO27001.
·  Understanding of, and experience using, Unix-style operating systems, such as Solaris, Linux, or BSD.
·  Understanding of, and some experience with, programming languages such as Python, Perl, Java or C++.
·  Experience with multiple types of enterprise-level anti-malware packages currently available.
·  Experience with Operating System security, administration, and logging in an enterprise environment.
