Cyber Incident Response and Intrusion Forensics Team (CIRIFT) Senior Manager

Remote - Chicago, Illinois, United States


Crypto.com

Over 80 million users buy, sell, and trade Bitcoin, Ethereum, NFTs and more on Crypto.com. Join the World's leading crypto trading platform.


About Crypto.com

Crypto.com was founded in 2016 on a simple belief: it's a basic human right for everyone to control their money, data and identity. With over 10 million users on its platform today, Crypto.com provides a powerful alternative to traditional financial services, turning its vision of "cryptocurrency in every wallet" into reality, one customer at a time. Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have CCSS Level 3, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance. For more information, please visit www.crypto.com.

About the role

As part of the CIRIFT at Crypto.com, you will need to be highly competent and experienced in responding to and managing cyber security incidents throughout the full lifecycle - from Preparation through Identification, Containment, Eradication, Recovery and Lessons Learnt - alongside other incident responders around the globe.

You will apply all of your skills in cyber defence, digital forensics, log analysis, intrusion analysis and related disciplines to respond to security incidents on our endpoints, network, and cloud infrastructure. In this role, you will carry out prevention, detection, response and remediation activities to ensure information assets and technologies are adequately protected, using technologies such as NGFW, EDR, IDS/IPS, DLP and more.

You will also apply your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural/global environments.

Responsibilities

  • Report directly to the Head of Incident Response and facilitate all phases of the incident response lifecycle.
  • Preparation
    • Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.
    • Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly
    • Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements
    • Evaluate the incident response readiness of different layers - people, process, technology
  • Detection & Analysis
    • Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.
    • Respond to cyber security incidents in compliance with the local authority / regulatory requirements.
    • Assess the risk, impact and scope of the identified security threats
    • Perform deep-dive incident analysis across various data sources by analysing and investigating security-related logs against medium-term threats and IOCs
  • Containment, Eradication and Recovery
    • Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident
    • Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
    • Document and present investigative findings for high profile events and other incidents of interest.
  • Post incident activities
    • Hold lessons learnt meetings with the stakeholders
    • Lead and keep track of the follow-up activities
    • Document the incident in the case management system and provide incident reports
  • Be ready to jump in whenever a security incident occurs.

Requirements

  • At least 8 years of experience in the Cyber Security industry
  • 3+ years of incident response experience
  • Excellent understanding of the cyber security incident response process
  • Hands-on experience on performing incident response activities
  • Strong technical forensic analysis skills for RCA, post-mortems, and lessons learned
  • Scripting experience in Bash, PowerShell, Python, Go, etc., and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environments
  • Experience writing procedural documentation (playbooks and runbooks)
  • Experience with cybersecurity tools and software such as NGFW, EDR, IDS/IPS, DLP, SIEM, other log management platforms, etc.
  • Familiarity with the MITRE ATT&CK Framework and/or Cyber Kill Chain
  • Passion for exploring new technologies and the creative initiative to boost the team's capabilities
  • Security-related certifications are a plus (e.g. CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
  • Knowledge of regulatory and compliance requirements such as GDPR, MAS, PSD2, etc. is a plus.

Preferred:

  • A strong team player who can collaborate with compassion
  • Passionate about learning blockchain, with a positive attitude
  • Understand the concept of ownership and accountability, coupled with a sense of urgency and prioritisation
  • Maturity in handling incidents and managing relevant senior and technical stakeholders
  • Possess business acumen/mindset (not only technical) when making critical decisions

Benefits

  • Attractive compensation package: Base Salary + Crypto Bonuses + RSU
  • Working in a cutting-edge field of Fintech.
  • Huge responsibilities from Day 1. Be the owner of your own learning curve. The possibilities are limitless and depend on you
  • You get to work in a very dynamic environment and be part of an international team


Regions: Remote/Anywhere North America
Country: United States