Sr. Cyber Incident Response Analyst
Heredia, Costa Rica
Applications have closed
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.
Experian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
Experian, a global leader in providing information solutions to organizations and consumers, is seeking a highly motivated Senior Cyber Security Analyst to join our Global Security team at our Costa Rica facility.
As a member of Experian’s Global Security Office (EGSO) / Global Cyber Incident Response Team (GCIRT), this individual will respond to, contain, escalate, investigate, and coordinate mitigation of security events arising from anomalies detected and escalated by the Global Security Operations Center (GSOC), according to Experian’s Incident Response Plan. The member will respond to and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats. The analyst leverages analytical skills, using data collected from endpoints, environmental logging, and a variety of other sources, to maximize containment and eradication of threats while expediting recovery of the business. This role requires cloud incident response experience.
Key Responsibilities Include:
The Senior Analyst executes Operational Processes and Procedures as a matter of daily responsibility. The role is the detailed and repeatable execution of all operational tasks which are documented in the Wiki and Incident Response Plan.
- Respond to cyber security events and alerts associated with threats, intrusions, and/or compromises per SLO.
- Effectively manages multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
- Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future.
- Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan.
- Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
- Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.).
- Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
- Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki). All cases owned by an Analyst shall be well documented in accordance with GCIRT standards.
- Frequently attend and participate in the GSOC Weekly Lessons Learned Meetings. Contribute at least two (2) items to the GSOC Weekly Meeting Lessons Learned per Month.
- Maintain GCIRT Shift Logs for period worked. Verify Shift Logs are completed and accurate by L1 analysts.
- All assigned security incidents must be reviewed, updated, and documented at least every three (3) business days. Coordinate coverage for any cases which need updates while out on leave or holiday.
- Incident updates or contact with the end user must occur every 24 hours and be documented in the case notes.
- Maintain assigned case load and efficiently move incidents through each phase of the IR Lifecycle, with a goal to complete cases within 5 business days.
- Follow case hand-off procedure, assisting other GCIRT Team Members with their case-load while they are off-shift.
- Provide Advanced Support as needed to other GCIRT Analysts (log review, IP block questions). Mentor other GCIRT analysts when required (process questions, tool usage).
- Leads local resources to ensure team meets SLOs and follows Incident Response Process, Procedures & Playbooks.
- Supports overall direction for the GCIRT and input to the overall security strategy.
Schedule: Wednesday, Thursday, Friday & alternating Saturdays, 6am - 7pm Central Time
- Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field.
- 5+ years of experience working within a Security Operations Center or Cyber Security Incident Response Team may be accepted in lieu of this education requirement.
- Demonstrate knowledge of Incident Response and Investigative Methodology.
- Proven work experience in Cloud Incident Response in at least one Cloud platform (Azure, AWS, GCP).
- Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment.
- Must have at least one certification involving incident response, ethical hacking, or cyber security (e.g. GCIH, GCFR, E|CEH, E|CIH, etc.).
- Preferred to have at least one certification involving digital forensics (e.g. GCFE, EnCE).
- Demonstrated skill with common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR, etc.), WAF, IPS, etc.
- Must have competent English speaking, reading, and writing skills. The ability to explain technical terminology to the lay person is frequently required.
- Must work well in a global, team-oriented environment and have the flexibility to work a shift schedule (including nights and weekends).
- Candidate must be self-motivated and capable of working with little supervision.
Our benefits include: Medical, life and dental insurance, Asociación Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
Experian Careers - Creating a better tomorrow together
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.