GSOC Cyber Incident Response Analyst

Cyberjaya, Malaysia

Applications have closed

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

Company Description

About Experian

Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car to sending a child to college to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 17,800 people operating across 44 countries, and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Learn more at www.experianplc.com or visit our global content hub at our global news blog for the latest news and insights from the Group.

Job Description

Experian, a global leader in providing information solutions to organizations and consumers, is seeking a highly motivated Senior Cyber Security Analyst to join our Global Security team at our Cyberjaya, Malaysia facility.

As a member of Experian’s Global Security Office (EGSO) / Global Cyber Incident Response Team (GCIRT), this individual will respond to, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Global Security Operations Center (GSOC) according to Experian’s Incident Response Plan. The candidate will be a member of the GCIRT team, which responds to and analyzes security incidents involving threats targeting Experian information & assets. These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end-users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats.

This is a technical position supporting the strategies of the Global Security Operations Center and the Chief Information Security Officer. This position reports to the Global Cyber Incident Response Manager and involves supporting other EGSO team members to include research, training, and data gathering.

This role requires you to work a 12-hour shift rotation.

What you’ll be doing

  • The Analyst executes Operational Processes and Procedures as a matter of daily responsibility. The role is the detailed and repeatable execution of all operational tasks which are documented in the Wiki and Incident Response Plan.
  • Respond to cyber security events and alerts associated with threats, intrusions, and/or compromises per SLO.
  • Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
  • Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future.
  • Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
  • Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
  • Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.)
  • Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
  • Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki). All cases owned by an Analyst shall be well documented in accordance with GCIRT standards.
  • Frequently attend and participate in the GSOC Weekly Lessons Learned Meetings. Contribute at least two (2) items to the GSOC Weekly Meeting Lessons Learned per Month.
  • Maintain GCIRT Shift Logs for period worked.
  • All assigned security incidents must be reviewed, updated, and documented at least every three (3) business days. Coordinate coverage for any cases which need an update while out on leave or holiday.
  • Incident updates or contact with the end user are to be done every 24 hours and documented in case notes.
  • Maintain assigned case load and efficiently move incidents through each phase of the IR Lifecycle with a goal to complete cases within 5 business days.
  • Follow case hand-off procedure, assisting other GCIRT Team Members with their case-load while they are off-shift.

Qualifications

More about you

  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field. Two (2) years of experience working within a Security Operations Center or Cyber Security Incident Response Team may be accepted in lieu of this education requirement.
  • Demonstrate knowledge of Incident Response and Investigative Methodology.
  • Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment.
  • Successfully obtain at least one certification involving incident response, ethical hacking, or cyber security (e.g. GCIH, E|CEH, E|CIH, etc.) within eighteen (18) months of employment.
  • Ability to exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR, etc.), WAF, IPS, etc.
  • Must have competent English speaking, reading, and writing skills. The ability to explain technical terminology to the lay person is frequently required.
  • Must work well in a global, team-oriented environment and have the flexibility to work a shift schedule (including nights and weekends).
  • Candidate must be self-motivated and capable of working with little supervision.

Additional Information

Adhere to Experian policies and procedures

  • Work under the Experian behaviours and values
  • Facilitate and drive performance management processes
  • Champion a culture where the fair treatment of customers is at the heart of the Experian business
  • Ensure that, by leading by example, you adhere to all regulatory requirements and apply appropriate controls in the interests of customers. Through the adoption of a top-down approach, demonstrate a culture where all our people understand their regulatory obligations, including what the fair treatment of customers means to them and our organization

Experian Careers - Creating a better tomorrow together

Tags: CEH Computer Science CrowdStrike EDR Ethical hacking Firewalls GCIH Incident response Intrusion prevention IPS Linux Malware Monitoring SIEM SOC Splunk Windows

Perks/benefits: Team events

Region: Asia/Pacific
Country: Malaysia