Elsevier employs 9,000 people worldwide, including over 2,500 technologists. We have supported the work of our research and health partners for more than 140 years. Growing from our roots in publishing, we offer knowledge and valuable analytics that help our users make breakthroughs and drive societal progress.
About our Team: We manage the global information security for the entire Elsevier company. We are a provider of science, technical and medical information, products, and services that help progress science and advance healthcare.
About the Role: Helping Information Security department goals and objectives through ownership of escalations and evaluation of security alerts. Identifying of new threats, detection methods, and response processes.
Responsibilities
- Incident Triage: Assisting in the initial assessment and classification of security incidents to determine their potential impact and priority.
- Incident Investigation: Participating in the investigation of security incidents by collecting and analyzing relevant data, logs, and evidence. Help in identifying the root cause of incidents.
- Supporting Automation: Assisting in the implementation of automation and scripting for routine incident response tasks.
- Threat Intelligence: Staying updated on the latest cybersecurity threats and trends. Work closely with our Threat Intelligence lead to integrate processes into incident response activities to improve detection and response capabilities.
- Documentation: Maintaining detailed records of incident response activities, actions taken, and findings. Ensure that all incident-related information is properly documented.
- Communication: Supporting in the communication with relevant stakeholders, including team members, management, and external parties, under the guidance of senior team members.
- Remediation: Helping in developing and implementing remediation plans to address weaknesses and vulnerabilities that contributed to the incident.
- Collaboration: Working closely with cross-functional teams, including IT, legal, public relations, and law enforcement, as needed during incident response.
- Compliance and Reporting: Assisting in ensuring that incident response activities comply with applicable regulations and standards. Support the preparation of incident reports and documentation for regulatory compliance.
- Awareness and Alerting: Staying informed about emerging cybersecurity threats and trends. Help develop and maintain alerting mechanisms for potential incidents.
Requirements
- Possess hands on experience responding to operational information security alerts including EDR, Cloud Service Providers, and Phishing emails
- Experience with Python, Windows & Linux shell scripting, and Regex
- Experience conducting forensic and incident response investigations independently
- Have knowledge of incident response processes including what actions need to be taken during different phases of the incident response lifecycle
- Experience with administration of various information security tools, ie) log extraction in SIEM, configuration & policy updates in EDR, and detection rule deployment
- Experience with monitoring and continuously assessing systems for security threats, including promotion of security policies and baselines
- Have ability to recommend, propose, and develop security improvement plans and remediation programs