S&P Global, London, Greater London
EMEA Cyber Incident Response Team Lead
Overview
Job Description
EMEA Cyber Incident Response Team (CIRT) Lead
Grade 13 (for internal purposes)

*The Role:*
As the EMEA Cyber Incident Response Team (CIRT) Lead, you will be part of the Global Technology, Cyber Security team that develops and oversees the company's security program, ensuring the company is protected from existing and emerging threats. Working with the various teams, the EMEA CIRT Lead will be responsible for ensuring that the appropriate procedures are followed in order to detect and respond decisively to security incidents, coordinating incident response-related activities within the region and providing support globally. The EMEA CIRT Lead reports to the Global CIRT Lead.

5-7 years of experience with the following:

*Primary Responsibilities:*
- Coordinate and triage responses to cybersecurity events and conduct forensic analysis
- Lead and mature a global team of incident response specialists
- Drive efforts towards the containment of threats and the remediation of the environment during or after an incident
- Understand the threat landscape through collaboration with the Threat Intelligence team and other stakeholders
- Direct and support incident response activities
- Develop and update standard operating procedures and playbooks to align response activities with best practices
- Develop and mature the threat hunting capabilities within the enterprise
- Deliver actionable incident metrics to management
- Manage the end-to-end incident response lifecycle
- Build an understanding of key S&P technology, systems, and business practices

*Required Knowledge:*
- Demonstrated knowledge of network traffic and communications analysis, including well-known ports and services, and experience with Wireshark
- Working knowledge of the Windows operating system and familiarity with Unix-like systems (Linux and macOS)
- Experience with managing or configuring the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet capture, malware analysis, and forensic tools
- Experience and familiarity with SIEM products: QRadar, Splunk, ELK, ArcSight, etc.
- Experience with SOC management and operations
- Experience with one or more of the following endpoint detection and response (EDR) platforms: Carbon Black Response, CrowdStrike Falcon, Tanium Detection and Response, Cybereason, etc.
- Professional experience utilizing various open source and commercial analysis tools used for incident analysis (EnCase, FTK, Autopsy, The Sleuth Kit, Volatility, Redline)
- Professional experience applying the incident handling principles described in NIST SP 800-61
- Familiarity with the MITRE ATT&CK framework
- Proficiency in conducting research and analysis, and compiling relevant information into a document for presentation
- Demonstrated ability to write technical reports, often without supervisor review, that can be consumed by multiple types of internal consumers
- Demonstrated ability to extract actionable information and indicators from collected log sources and other data
- Expert knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage)
- Demonstrated knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], Extended File System [ext2/ext3/ext4])