Summary of the Role:
The Incident Response Manager will provide the highest level of professional services in information security, incident response and computer forensic expertise for Hitachi Systems Security clients. In this role, you will perform highly technical duties including system analysis, malware analysis, indicator extraction, signature development, log review, network traffic analysis and threat intelligence. Reporting will include debriefing of incidents and both tactical and strategic mitigations; extensive practical defensive security knowledge is therefore required. You will be expected to analyze forensic data, determine root cause and develop a timeline for IR activities, articulating findings in technical detail as well as at an executive summary level. In doing so you will assist clients and/or the Hitachi Systems Security CyberSec Incident Response Team in the mitigation and resolution of security incidents, and work with them to achieve an overall superior security posture.
You will apply formal and structured methodologies to provide clients with a consistent level of quality that reflects the knowledge and experience of Hitachi Systems Security. The Incident Response Manager will be expected to develop and present accurate and timely deliverables to clients outlining appropriate technical solutions, remedial steps, and accurate conclusions. You will conduct incident response analysis for external and internal compromises, work with the Incident Response Specialists and SOC analysts, and lead the communication and escalation efforts. You will evaluate and improve the effectiveness of the incident response policies and programs in use. Incident Response Managers are required to work 24x7 on-call and are responsible for the post-mortem review and report of each security incident, security breach and data breach.
The IRM will play a key operational role in the development, management, and continuous improvement of the Digital Forensics and Incident Response (DFIR) services.
Responsibilities:
- Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.
- Support and assist threat intelligence services to prepare for, prevent, and identify cyber threats in client environments.
- Assist clients in identifying and remediating gaps identified throughout the investigation.
- Provide clients with guidance and advice regarding cyber incidents, forensics, and incident response.
- Document findings and create well-written reports, applying industry best practices.
- Manage engagements and supervise staff, including SOC analysts and Incident Response Specialists, providing them with knowledge, expertise and coaching.
- Maintain technical knowledge within areas of expertise.
- Prepare and test the effectiveness of existing resources by developing and conducting tabletop exercises, and improve them accordingly based on formal post-mortem reviews.
- Track the latest emerging threats relevant to the cyber security landscape and apply them to design and maintain the Threat Matrix for our customers and to model the attack and the attack vectors in case of a security breach.
- Build and adjust escalation procedures to support and manage incident service levels (SLA), and create the necessary workflows to guide customers and internal teams for increased efficiency.
- Produce and maintain up-to-date monthly Incident Response Management KPIs per client.
- Provide timely and relevant updates to the appropriate executives, leaders and decision makers in the event of a security breach.
- Stay current with new and evolving technologies via formal training and self-education.
Qualifications:
- University degree in IT with 2 years' experience in IT, or college degree with 5 years' experience in IT.
- GCIH, GNFA, and CISM or CISSP are an important asset.
- Demonstrated experience with cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments.
- Experience in developing procedures, policies, processes and playbooks based on NIST methods.
- Strong understanding of forensic tools and procedures to ensure compliant image acquisitions, network investigative techniques, malware analysis and IOCs.
- Ability to work with Blue Team and Purple Team.
- Comfortable presenting to executive and senior leadership.
- Strong collaborative skills to enable success across multiple regions and levels.
- Exhibits initiative and follows through with commitments.
- Ability to work and prioritize under pressure.
- Advanced degree of resourcefulness and initiative.
- Excellent communication skills, both written and spoken.
- English and French are required for this position.
- Very knowledgeable about the communication protocols found on modern networks (ICMP, IP, UDP, TCP, ARP, HTTP, HTTPS/SSL, SNMP, POP, etc.).
- Good knowledge of Cloud concepts and models, and of operating systems such as Windows and Linux (RHEL, CentOS).
- Knowledge of tools and techniques related to intrusion detection and incident management (an asset).
- Absolute integrity and focus on security at all times.
Benefits:
- Thorough in-house, expert training on cutting-edge technology.
- Friendly and dynamic work environment in a new and modern office.
- Group insurance plan.
- Flexible schedules.
- Team spirit and dedication to service excellence.
- Sense of belonging to a global, brand-name organization.