Security Operation Center (SOC) Incident Responder (1006846)
Mexico City, Mexico
Hitachi Vantara, a wholly-owned subsidiary of Hitachi, Ltd., guides our customers from what’s now to what’s next by solving their digital challenges. Working alongside each customer, we apply our unmatched industrial and digital capabilities to their data and applications to benefit both business and society. More than 80% of the Fortune 100 trust Hitachi Vantara to help them develop new revenue streams, unlock competitive advantages, lower costs, enhance customer experiences, and deliver social and environmental value.
We are building a world class cyber security team that we are proud of and are looking for someone to join us! We are seeking a Senior Information Security Incident Responder in Mexico. The Senior Information Security Incident Responder has primary responsibility for the company's response to security incidents, whether raised by alerts from the security toolset or escalated by our MSSP. The position also provides guidance and coaching to junior members of the team and acts as an escalation point for high severity incidents. As the lead Incident Responder in the Americas region, the position collaborates with Incident Response team members in other regions (EMEA and APAC). The position will interact and collaborate with practitioners across IT, including Help Desk, Desktop Operations, System Administration, Networking, and cloud environment administrators. During high priority incidents the Incident Responder will direct the investigation and response activities of other security analysts and IT practitioners, and provide reporting and updates to Director level management.

We are seeking a passionate advocate for information security! The successful candidate will be able to articulate themselves well, explain difficult concepts in ways that are easy to understand, be a team player, be willing to admit when they are wrong or have made a mistake, always back up their words with data and solid analysis, and always seek opportunities to grow.
- Respond to security incidents, either from alerts out of the security toolset, or escalated alerts from our MSSP.
- Collaborate with InfoSec and IT personnel in analysis, discovery, and containment of cyber security incidents.
- Provide guidance and coaching to junior members of the team, and act as an escalation point for high severity incidents.
- Collaborate with other Incident Response team members in other regions (EMEA and APAC).
- Interact with leadership and IT practitioners across the enterprise during the highly sensitive and stressful situations that arise in the incident response process.
- On-call shift work is required, as is occasional work on holidays, nights, and weekends.
- Provide feedback to MSSP during weekly calls and manage caseload in conjunction with MSSP SOC analysts.
- Lead weekly alert tuning meetings with the Incident Response team, and provide guidance on alert tuning activities.
- Implement blocks on firewalls, in the IPS, and in other technology for IOCs reported in threat alerts or discovered during threat hunting activity.
- Prepare thorough reports of incidents, including root cause analysis.
- Hitachi Vantara is a global company and the candidate will be interacting with staff remotely across Asia, Europe and the Americas where English is the language of choice. The candidate must be fluent in English.
- Strong working knowledge of networking concepts, the OSI model, firewalls, ACLs, load balancers, and packet capture utilities such as Wireshark.
- Strong working knowledge of and experience responding to host-based threats and risks, including ransomware.
- Strong working knowledge of and experience with log analysis using a SIEM, including writing and tuning alert rules, and reading and interpreting logs from various platforms including Linux, Windows, and networking appliances.
- Working knowledge of EDR and Anti-Malware technology and platforms.
- 3 years' experience in a SOC analyst or incident response role is required.
- 5 years total experience in IT or cyber security is required.
- Highly desirable for the candidate to have experience with LogRhythm.
- Highly desirable for the candidate to have experience with Palo Alto IDS/IPS.
- Highly desirable for the candidate to have a security certification such as CISSP, CISM, GSEC, CEH, CISA or other.
- A willingness to always continue learning and developing as a security professional.
- Knowledge of AWS and Microsoft Azure environments and concepts is desirable.
- Ability to write scripts or other automation code to automate simple tasks.
We are an equal opportunity employer. All applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.