Security Incident Response Coordinator

What you'll be doing

• Act as the first responder for cyber-security incidents identified through different channels.
• Investigate cases such as, but not limited to: malware, cyberattack, APT, security breaches.
• Understand and identify indicators of attack and indicators of compromise.
• Investigate root cause of complex security incidents.
• Analyze incident data from threat analytics tools.
• Coordinate a response to the security incident with other internal teams and vendors.
• Develop, document and implement runbooks, capabilities and techniques for Incident Response.
• Develop reactive measures using automation tools (SOAR).
• Perform security triage and analysis / threat hunting on endpoint, server and network infrastructure.
• Perform activities necessary for immediate containment and short-term resolution of incidents.
• Collect, preserve and process volatile information and evidences needed to conduct highly-confidential forensic investigations.
• Ensures forensic investigation and incident response procedures comply with standard operating procedures, processes, policies, guidelines and forensics best practices.
• Examine and analyze security events or incidents and investigate significant issues related to technology infrastructure.
• Coordinate or provide recommendations for containment and remediation steps until security incident closure.
• Prepare detailed written reports that document the incident timeline and circumstances, present forensic evidence to varied audiences and offer expert opinions.
• Lead efforts to refine incident response and forensics methodologies, optimize related processes and procedures.
• Coach and advise teams on effective security practices, procedures and technical countermeasures to reduce risk.

What you need to know/have

• Experience in Security Incident Response with operational security experience (Indicator of Attack / Indicator of Compromise deep investigation, Malware Analysis, Threat Analytics, Threat Intelligence etc.)
• Experience in Network Security Administration and/or Systems Administration (Windows Server and Active Directory)
• Experience with various EDR solutions
• Knowledge of various query languages for SIEM
• Cloud experience with any of the major cloud providers, including cloud security
• Ability to manage complex incident response situations with a focus on deep technical troubleshooting
• Knowledge of Linux and Windows server systems and hardening methodology
• Networking knowledge (TCP/IP, routing protocols etc.), troubleshooting skills
• Knowledge of virtualization concepts and solutions
• Basic knowledge about scripting (any from bash, Python, Powershell)
• Graduated from a faculty such as Electronics, Telecommunications and Information Technology, Automatic Control and Computer Science, Cybernetics
• IT Industry certifications (SANS GCIH, CISSP, CEH, OSCP etc.)
• Analytical thinking and attention to details
• Ability to work comfortably in a fast-changing environment
• Sharing and collaboration with team mates

What's in it for you

• Performance Bonuses
• Electronic Meal Tickets
• Medical & Life insurance
• Professional GSM subscription
• Personal GSM subscription
• Special grants on Smartphones & devices; discounts for [Employer hidden — sign up to reveal] products & services
• Development Platforms - [Employer hidden — sign up to reveal] Learning, Trainings, Career Counselling, Coaching & Career plan mentoring
• Wellbeing Programs

At [Employer hidden — sign up to reveal], only your skills matter. Regardless of your age, gender, background, origin, religion, sexual orientation, disability, neurodiversity, or appearance, we actively encourage diversity within our teams.