Security Incident Coordination Analyst

Job Description:

Roles and responsibilities

As part of the SIC Team, you will: 
•    Monitor security tooling , conduct triage and analysis of any subsequent alerts, events and/or security incidents identified.
•    Validate, verify and report protective or countermeasure solutions, both technical and administrative
•    Co-ordinate and Investigate Security Incidents through to completion
•    Work with other resolver groups to respond to and investigate security incidents.
•    Monitor and manage functional mailboxes and respond to email enquiries from the account and clients.
•    Monitor and manage security tickets queues.
•    Review and raise security incidents in ticketing systems.
•    Assist in the completion of security reporting to agreed timescales and quality
•    Compile and present reports using Microsoft PowerPoint and Excel.
•    Provision of Critical Incident Response Report and lessons learnt to key stakeholders. 
•    Deal with legal and law enforcement-related issues as required
•    Periodically review security incidents to perform trend analysis, before making recommendations to the Security Delivery Lead for potential security improvements or sales opportunities
•    Respond to incidents as per playbooks and Security Incident Management Process. 
•    Act as an advisor to the account concerning Critical Security Advisories., responding to DXC Threat Advisories, ModCerts, Carecert and other emergency patching advisories.
•    Develop and maintain a critical vulnerability management system to effectively communicate with DXC clients when a “Zero Day” vulnerability is discovered e.g., SolarWinds
•    Manage security information requests from the customer.
•    Lead on complex and severe incidents when required  and ensure that playbooks are updated or reviewed to ensure that any lessons learnt are documented and repeatable.  
•    Take responsibility for SIC Team processes and continually review them to ensure that they are current and up to date. 
•    Ensure that all obligations are covered off (for instance monthly reporting) to the agreed timescales and quality.
•    Ensure that the Security Delivery Lead is informed of all relevant Security Incidents and Issues on the account. 
•    There will be a requirement that you must provide standby(on-call) cover whilst working on an agreed rota to cover high severity/critical  security incidents 
•    There may be requirements to work flexible hours when required e.g.,8am -4pm or 10am to 6pm.
•    Due to the nature of some of our clients a current security clearance is preferable, or willingness to attain security clearance.

Training
•    Ensure that you perform any mandatory training in line with Enterprise / Practise requirements and deadlines
•    To maintain a watching brief on threat actors and advanced persistent threats as well as continually reviewing zero-day exploits for potential issues
•    Enthusiasm and desire to develop your skill and knowledge base
Person Specs

Essential:
•    Possess experience of handling, responding, and investigating to cyber security incidents
•    Possess good analytical skills.
•    Experience of log analysis.
•    Knowledge and experience of using Protective Monitoring Tools e.g., ArcSight, Tanium, McAfee, Symantec, MS Defender, Microsoft 365, AZURE, and Azure Sentinel
Threat and Vulnerability management experience.
•    Experience of malware alert review
•    Experience of working in SOCS, ticketing systems, and interacting with delivery capabilities
•    Enthusiastic and committed approach with a track record of building strong, trusted base relationships with colleagues and stakeholders at all levels
•    A sound working knowledge of security best practice and legislation affecting the security role
•    Self-motivated and an ability to keep up to date with latest security threats and vulnerabilities and trends.
•    Excellent communication, influencing, negotiating and engagement skills
•    Possess good leadership skills when interacting with account delivery teams.
•    Sound judgement and decision-making skills, with a ‘hands on’, problem solving approach, able to remain calm under pressure and own security incidents
•    Ability to work to tight timescales.
•    Ability to remain calm and focused in high pressure situations identifying business resources essential to recovery.
•    Experience of writing procedures and reports, 
•    Ability to work as part of a team, as well as independently.

Desirable:

•    Recognized security qualification e.g., CISSP or CISM or willing towards obtaining accreditation.
•    Security professional with a proven experience within the security industry, the public sector, or armed services.
•    Knowledge of types and sources of tools and equipment required to adequately equip an Incident Response Team.
•    Knowledge of forensic requirements for collecting and presenting evidence
 

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.