Responsible for leading the investigation and response efforts for cybersecurity incidents. They coordinate with other SOC team members, IT staff, and external stakeholders to contain, mitigate, and remediate security breaches effectively.

Key Responsibilities:

1. Incident Management: Lead the identification, assessment, and prioritization of cybersecurity incidents, adhering to established protocols and escalation procedures.
2. Investigation: Conduct in-depth analysis of security breaches, employing forensic tools and methodologies to gather evidence, determine the root cause, and ascertain the extent of the compromise.
3. Response Coordination: Collaborate closely with cross-functional teams, including SOC analysts, IT administrators, legal advisors, and law enforcement agencies, to orchestrate timely and effective response actions.
4. Containment and Mitigation: Implement containment measures to prevent further proliferation of security threats, while deploying mitigation strategies to minimize the impact on critical systems and data.
5. Remediation: Develop and execute remediation plans to restore affected systems and infrastructure to a secure state, ensuring compliance with regulatory requirements and industry standards.
6. Communication: Serve as a primary point of contact for communication with internal stakeholders, external vendors, and regulatory bodies, providing regular updates on incident status, response efforts, and post-incident reviews.
7. Documentation: Maintain comprehensive documentation of incident response activities, including incident reports, forensic findings, and lessons learned, to facilitate continuous improvement and knowledge sharing within the organization.

• Relevant industry certifications are preferred such as:
  • Certified Incident Handler (GCIH)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • GIAC Certified Forensic Analyst (GCFA)
  • Certified Cloud Security Professional (CCSP)
  • CompTIA Cybersecurity Analyst (CySA+)
  • EC-Council Certified Incident Handler (ECIH)
  • CompTIA Security+

Tools:

• Security Information and Event Management (SIEM) Systems:
  • Splunk
  • IBM QRadar
  • LogRhythm
  • Elastic SIEM
• Endpoint Detection and Response (EDR) Platforms:
  • CrowdStrike Falcon
  • SentinelOne
  • Carbon Black
• Network Traffic Analysis:
  • Wireshark
  • Zeek (formerly Bro)
  • tcpdump
• Forensic Analysis Tools:
  • Autopsy
  • The Sleuth Kit (TSK)
  • Volatility
• Threat Intelligence Platforms (TIP):
  • Anomali ThreatStream
  • ThreatConnect
  • Recorded Future
• Malware Analysis Tools:
  • VirusTotal
  • Cuckoo Sandbox
  • IDA Pro
• Vulnerability Scanning Tools:
  • Nessus
  • Qualys
  • Rapid7 InsightVM
• Email Security Gateways:
  • Proofpoint
  • Mimecast
  • Cisco Email Security

Working Conditions: This role may require occasional on-call duty and availability during non-business hours to respond to emergent cybersecurity incidents.