Cyber Incident Response Team Lead (Cloud IR)

Heredia, Costa Rica

Applications have closed

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

View company page

Company Description

Experian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.

Job Description

As a member of Experian’s Global Security Office (EGSO) / Global Cyber Incident Response Team, (GCIRT) this individual will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Global Security Operations Center (GSOC) according to Experian’s Incident Response Plan. The member will respond and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, suspicious activity, etc. In addition, this position will involve working with end-users, stakeholders, technical support teams, and management to ensure proper remediation and recovery from these threats. Leverages analytical skills using data collected from endpoints, environmental logging, and a variety of other sources to maximize containment and eradication of threats, while expediting recovery of the business. This individual will be responsible for driving the Incident Response teams SLO Goals and performance, working to improve Incident Response process documentation, and coordinating training of team. They will be accountable for the overall Incident Response tower personnel management strategy.  

This position reports to the GSOC Sr. Manager Cyber Incident Response.  

Key Responsibilities Include:  

The Team Lead executes Operational Processes and Procedures as a matter of daily responsibility. The role is the detailed and repeatable execution of all operational tasks which are documented in the Wiki and Incident Response Plan. 

  • Respond to Security to cyber security events and alerts associated to threats, intrusions, and/or compromises per SLO. 
  • Effectively manages multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned. 
  • Identifies best methods to contain, eradicate, and recover from a wide variety of security incidents. Provides recommendations to proactively prevent incidents from re-occurring in the future. 
  • Coordinates successful conclusion of security incidents according to Process & Procedures. Escalates severe incidents according to Experian’s Incident Response Plan. 
  • Maintains all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident. 
  • Maintains a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, etc.), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.) 
  • Interprets device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery. 
  • Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki). All cases owned by an Analyst shall be well documented in accordance with GCIRT standards. 
  • Frequently attend and participate in the GSOC Weekly Lessons Learned Meetings. Contribute at least two (2) items to the GSOC Weekly Meeting Lessons Learned per Month. 
  • Maintain GCIRT Shift Logs for period worked. Verify Shift Logs are completed and accurate by L1 analysts. 
  • All assigned security incidents must be reviewed, updated, and documented at least every (3) business days. Coordinate coverage for any cases which need update while out on leave or holiday.  
  • Incident updates or contact with end user to be done every 24 hours and documented case notes. 
  • Maintain assigned case load and efficiently move incidents through each phase of the IR Lifecyle with a goal to complete cases within 5 business days. 
  • Follow case hand-off procedure, assisting other GCIRT Team Members with their caseload while they are off shift.  
  • Provide Advanced Support as needed to other GCIRT Analysts (Logs review, IP Block question). Mentor other GCIRT analyst when required (process question, tool usage) 
  • Leads local resources to ensure team meets SLOs and follows Incident Response Process, Procedures & Playbooks. 
  • Supports overall direction for the GCIRT and input to the overall security strategy. 
  • Work with GCIRT team to resolve any case discrepancies or breach of SLOs, including: 
  • Unresolved GCIRT Cases exceeding SLOs and make sure to assist other analysts with their cases 
  • Inactivity-No updates in more than (7) days and remind other analysts to follow up on their cases 
  • Missing Data and make sure it stays in 0 cases 
  • Ensure proper case documentation and phase management throughout the IR Lifecycle 
  • Ensure the GCIRT Team is following approved Process and Procedures, Playbooks, etc. 
  • Coordinate training and On-boarding of new GCIRT Analysts 
  • Monitor open incidents in the GCIRT Board and make sure they are being updated/worked 

Qualifications

  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Security or a related field is preferred. 
  • 7+ years of experience working within a Security Operations Centers or Cyber Security Incident Response Teams may be accepted in lieu of this education requirement. 
  • Demonstrate knowledge of Incident Response and Investigative Methodology. 
  • Proven work experience of Cloud Incident Response in at least one Cloud platform (Azure, AWS, GCP). 
  • Demonstrate critical thinking skills, analytical expertise, attention to detail, and ability to function in a fast-paced environment. 
  • Preferred to have at least one certification involving incident response, ethical hacking, or cyber security (i.e. GCIH, GCFR, E|CEH, E|CIH etc.) 
  • Preferred to have at least one Security Management certification (i.e. ISC2 CISSP, CISM, etc.) or obtain such within the first two years as a Cyber Incident Response Team Lead.  
  • Ability to exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR, etc.), WAF, IPS, etc. 
  • Must have competent English speaking, reading, and writing skills. The ability to explain technical terminology to the lay person is frequently required. 
  • As a Team Lead, this role has a regular Monday – Friday schedule, but flexibility to work a shift schedule (including nights and weekends) might be necessary.
  • Must work well with a global team-oriented environment  
  • Candidate must be self-motivated and capable of working with little supervision. 

Additional Information

Our benefits include: Medical, life and dental insurance, Asociación Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

#LI-GJ1

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: AWS Azure CEH CISM CISSP Cloud Computer Science CrowdStrike EDR Ethical hacking Firewalls GCIH GCP Incident response Intrusion prevention IPS Linux Malware Monitoring Security strategy SIEM SLOs SOC Splunk Strategy Windows

Perks/benefits: Flex vacation Health care Medical leave Salary bonus Team events

Region: North America
Country: Costa Rica
Job stats:  7  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.