Execute daily security operations by monitoring, triaging, and conducting response activities for security events and alerts associated with cyber threats, intrusions, and compromises.
Analyze events using security tooling and logging, such as SIEM and EDR, and assess the potential risk and severity level of cyber threats.
Escalate higher-risk events to dedicated incident response and management teams in the CFC, according to established processes.
Collaborate with external teams for incident resolution and escalations, driving incident handling.
Notify team Lead(s) of concerns related to operations, such as anomalous changes in metrics, notable open incidents, quality concerns, or observed risks; support with resolution if appropriate.
Manage and complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned; maintain standards of quality to resolve events.
Maintain all case documentation, including notes, analysis findings, containment steps, and root cause for each assigned security incident.
Promptly provide incident updates and contact end users, document those communications, and complete case hand-off processes, such as completing and verifying shift logs.
Apply subject matter expertise in security operations processes to help improve relevant playbooks, Standard Operating Procedures (SOPs), and training materials.
Assist the team Leads and management on use case development by suggesting enhancements or tuning of use cases to improve the security posture of Experian.
Participate in paid overtime when operational needs may require additional support.
Requirements
3+ years of information security experience working within a Security Operations Center or Cyber Security Incident Response Team.
Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field.
6+ years of experience working within a Security Operations Center, Incident Response Team, law enforcement, and/or military experience may be accepted in lieu of this requirement.
Demonstrated working knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.
Demonstrated knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs).
Demonstrated proficiency in determining appropriate methods to contain, eradicate, and recover from a variety of security incidents.
Understanding of common Operating Systems (Windows, Linux, macOS), Networking (Firewalls, Proxies, NetFlow, etc.), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls, etc.).
Ability to review and interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.
Experience with common Incident Response and Security Monitoring applications such as SIEM (e.g., QRadar, Splunk) and EDR (e.g., FireEye HX, CrowdStrike Falcon, Microsoft Defender); experience with Security Orchestration, Automation, and Response (SOAR) technologies such as Palo Alto XSOAR and Google SecOps (Chronicle) is a plus.
One or more currently-held professional certifications related to Digital Forensics, Incident Response, or Ethical Hacking highly preferred (e.g., GCIH, GMON, GCED, GSOC, CEH, GCFE, GCFA, CFCE, EnCE).
Tech Stack
AWS
Azure
Cloud
Cyber Security
Firewalls
Google Cloud Platform
Linux
Splunk
Benefits
Great compensation package and bonus plan.
Core benefits including medical, dental, vision, and matching 401K.
Flexible work environment, ability to work remote, hybrid or in-office.
Flexible time off including volunteer time off, vacation, sick leave, and 12 paid holidays.