Responsibilities of Role:
• Leading security incidents in a cross-functional and collaborative environment, targeting incident resolution
• Developing IR initiatives that improve our capabilities to respond and swiftly remediate security events
• Identifying, developing, and articulating the missions of highest importance for your teams
• Reporting on security incident performance and risk indicator metrics
• Identifying and tracking key performance metrics for the team; utilizing metrics to find new ways to improve sustainability for your team and improve security incident response and remediation closure rates
• Leading and fostering innovation within the Security Incident Response team, driving key decisions and focus on client outcomes
• Creating a culture of accountability, quality, agility, and high performance that will foster the attraction, development, and retention of security analysts
• Mentoring and coaching team members to continue to scale in our high-growth environment
• Responsible for being a focal incident response point for all within the organization (Incident Response/Post Breach Remediation/RMS Advisory/MSSP Advisory). This includes being able to provide initial analysis and identification of IOCs, escalation to the appropriate business units and post-incident activities.
• Oversee Incident Response Plans: Design, implement, and manage the client's incident response policies and procedures to ensure preparedness.
• Coordinate Incident Response Teams: Lead cross-functional teams during security incidents, ensuring an organised and timely response.
• Triage and Prioritise Incidents: Assess incidents for severity and potential impact, assigning appropriate resources and setting response priorities.
• Communication: Serve as technical point of contact during an incident, providing updates to internal and external stakeholders.
• Serve as an incident manager, reporting key findings, barriers, escalations and concerns to the Head of DFIR, while liaising with Legal, Director of Sales and IRC team
• Support the Global Head of DFIR with Project based work that advances the output and productivity of the department and organization
• Maintain and prepare departmental reports for Key Performance Indicators (KPIs) to be presented to the Global Head of DFIR and EVP Sales & Revenue as needed
• Provide leadership and support to the CERT team, acting as a backup for the Global Head of DFIR during vacations or time-off
• Responsible for supporting a wide number of technologies and being able to proficiently perform advanced troubleshooting on the fly (packet captures, debugs, traffic analysis)
• Work on the continued development of DFIR/CERT and machine investigation lifecycles as part of the ongoing process to enhance IR capabilities; also contribute significantly to the revision of Incident Response and Post Breach Remediation policies, procedures and processes.
• Responsible for developing and documenting Incident Response methods and guidelines for the organization
• Develop a detailed Incident Response run book of tools, techniques and forensic methods for personnel to utilize during investigations.
• Support the department's DFIR tooling selection process and any proof-of-concept projects.
• Chain of Custody: Ensure that evidence is collected, handled, and preserved in a legally defensible manner, maintaining the chain of custody for potential litigation.
• Perform live-endpoint investigation, including the identification and gathering of key forensic artifacts, offline investigation as needed and providing remediation actions as needed.
• Implements and deploys an Incident Response focused ticketing system to improve incident tracking, remediation and metrics for incidents worked.
• Post-incident Analysis: Conduct root cause analysis after incidents to identify vulnerabilities and develop strategies to prevent recurrence.
• Recovery Support: Work closely with IT and cybersecurity teams to guide recovery efforts, including system restoration and remediation.
• Responsible for working with 3rd parties in order to assist with incident response, business email compromise, security breach, improve overall security, investigations, recommendations and remediation.
• Responsible for reporting of security metrics related to the Incident Response team.
• Provides mentoring to team members on incident response techniques and methodologies
• Assists Sales and SOC in the successful conversion from incident response, PBR, RMS, eDiscovery to SOC; including process and procedure build out.
• Developing and providing high-level technical reports in response to clients
• Developing and providing high-level business unit specific KPIs to senior management
• Developing and providing metrics surrounding the department's utilization, engagement timelines, profitability and billing
• Supporting Incident Response Coordinator (IRC) workflows.
• Incident Response Metrics and Reporting: Track and report key performance indicators (KPIs) and metrics related to incident response and digital forensics to senior leadership.
• Budget and Resource Management: Oversee the allocation of resources, including personnel, tools, and budgets, to effectively manage incident response and forensics operations.
• Understand the process for time tracking and auditing in support of budget and resource management.
• Monitor and Manage Regional profit & loss metrics and requirements
• Create and maintain an enhanced onboarding program that is concise and repeatable, effectively covering all aspects of the CERT role
• Serve as a member of a 24x7/365 service delivery team that handles incident response, post breach remediation and escalation, and is required to perform complex investigations and/or troubleshooting and drive root cause to resolution.
• Incident Response Training: Organise and lead training sessions and simulations (e.g., tabletop exercises) for CERT staff to improve readiness and response capabilities.
• Client Education: Raise awareness across external organisations about digital forensics, incident response protocols, and security best practices.
• All activities and responsibilities will be required to provide support to the Global CERT team and are not limited to one region
• Maintain and manage AWS instances to ensure timely deletion and removal of data to minimize company and customer fees/overages
Requirements/Must Haves:
• Minimum 3 years of Management/Leadership experience
• Minimum 3 years of client facing experience in technical situations
• Minimum 6 years of experience in Incident Response
• Bachelor’s degree or equivalent work experience
• 5+ years of information security experience as well as leading teams with a deep passion for cybersecurity and incident response
• Experience in the Cyber Insurance and Legal markets
• Successful track record of helping to implement security initiatives and frameworks in a flexible and innovative manner
• Ability to understand technical issues teams face day-to-day and act as a player/coach for blocker removal
• A collaborative approach to decision-making and the ability to influence with minimal guidance
• Experience in conducting Tabletop Exercises in Incident Response
• Experience in the deployment and management of EDR Technology
• Experience with Security Technologies and NIST Framework
• Developing, documenting and implementing incident response methods and processes
• Perform live endpoint investigations
• Experience in forensic investigations both on-premise and cloud
• Experience in mentoring, and in developing and delivering in-house training
• Must be available to provide coverage to meet business requirements in 3 regions
• Strong knowledge of DFIR Tools
• Strong knowledge of Virtualization Technologies, Operating Systems, Firewalls, VPNs, SIEM, Enterprise Gateway Technologies, Networking Devices, Security Technologies, etc.