CSIRT Advisor, Operational Detection, Analysis and Response Job Description Template
Our company is looking for a CSIRT Advisor, Operational Detection, Analysis and Response, to join our team.
Responsibilities:
- Build security utilities and tools for internal use that enable you and your fellow teammates to operate at high speed and broad scale;
- Create, maintain and promote a set of CSIRT operation playbooks to effectively trigger and execute the security incident response process;
- Review, analyze and resolve difficult and complex information security incidents;
- Perform deep dive analysis of malicious artifacts;
- Take responsibility for successful execution of incident response plan;
- Identify and recommend process improvements;
- Work with the Security Response Center analysts on incident response tickets and manage and prioritize queue assignments;
- Design and coordinate cohesive responses to security events that involve multiple teams across the organization;
- Provide security control enhancement recommendations based on security incident data;
- Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities;
- Respond to critical security incidents and lead escalation teams to close with response, containment and remediation;
- Plan and execute annual Security Incident Response tabletop exercises;
- Provide situational awareness on the current threat landscape and the tactics, techniques and procedures associated with specific threats;
- Mature the Security Incident Response process to ensure it meets the needs of the global business and is adhered to;
- Communicate and build effective relationships with people at all levels.
Requirements:
- The ability to learn new technologies and concepts quickly;
- Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues;
- Strong knowledge of networking fundamentals;
- At least 5 to 6 years of directly related experience in information security threat detection and incident response;
- Excellent command of English, both written and verbal;
- Familiarity with common protocols and services (FTP, SSH, SMB, LDAP, etc.);
- Bachelor's or master's degree in Computer Science, Information Systems, or equivalent experience;
- Customer-oriented with a strong interest in customer satisfaction;
- Familiarity with various types and techniques of cyber-attacks;
- Experienced with command-line interfaces;
- Strong experience with packet analysis tools (tcpdump, Wireshark, ngrep, etc.);
- Experience in log and event analysis and data correlation;
- Strong experience with SIEM platforms (Splunk, RSA).