Wednesday, March 02, 2016

Intrusions Technical Director, Electronic Arts, Redwood City

Job Description:
The Intrusions Technical Director is a highly technical position that plays a pivotal role in security risk management across EA. The mission of this role is to leverage security-related data from internal ‘sensors’ (e.g. SIEM, firewalls, IDS, routers, proxies, hosts, etc.) and external sources (vendors, industry working groups, law enforcement, etc.) in an effort to implement effective mitigations.
In this role you will be responsible for regularly communicating the status of security incident responses, resolutions and final root cause analyses to the appropriate stakeholders; leading serious security incident response meetings; conducting technical attack analyses; driving serious security incidents to closure; digital forensics; mentoring and training junior analysts; technical security research; dealing with external partners and interfaces to collaborate on intelligence; and reviewing appropriate data sources for indications of adversary activity.

The Intrusions Technical Director will report into the Corporate Security Team within the Global Security and Risk Management (SRM) organization and maintain strong relations with internal business partners across the company. You will also work closely with a number of key individuals and teams within the SRM including the Security Incident Response Handlers, Business and Security Operations Centre (BSOC) and the Information Security Team, to investigate and conduct forensic examinations of potentially compromised systems in an effort to mitigate computer security incidents.

A successful candidate for this opportunity will have an excellent working knowledge of all aspects of malware analysis, computer forensics (host and network based), networking, operating systems and technical architectures and also possess strong written and verbal communication and interpersonal skills. Patience and a passion for the work are qualities that are additional indicators that you would be well-suited for this position.

Responsibilities
Respond to emerging threats such as APTs and other forms of targeted attacks, organized crime, etc.
Lead security incident response meetings with security, IT and other business stakeholders.
Perform detailed forensic analysis of assets, including logs, malware samples, hard drive images, etc.
Reconstruct events of a compromise by creating a timeline via correlation of forensic data.
Perform malware analysis and other attack analysis to extract indicators of compromise.
Implement and manage tools and technologies used for indicators of compromise and other threat intelligence.
Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.
Ensure that, where appropriate, all forensic investigations are recorded and tracked to meet audit and legal requirements.
Conduct root cause analysis to identify gaps and make recommendations that ultimately remediate risks to EA.
Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.


Experience And Qualifications
The ideal candidate will have the following skills and experience:
Strong experience with intrusions analysis and security incident response
Experience in coordinating, working with, and gaining the trust of business stakeholders, technical resources, and third-party vendors.
Experience in leading security incident meetings, dividing responsibilities, and influencing people to take action to assist in the resolution of security incidents.
Expert level host and network based forensics skills, malware analysis and log analysis and correlation skills.
Strong experience working with attack analysis and forensic tools (e.g. GRR, Carbon Black, Bit9, Norman Shark G2, Cuckoo sandbox, Mastiff, Encase, FTK, open source tools).
Problem solving to learn new technical and non-technical analysis techniques to overcome problems
Desire for continued education for maintaining a strong proficiency in technical tools, countermeasures and techniques
APT campaign/intrusion set analysis and tracking experience
Strong Unix/Linux command line experience
Coding (scripting) experience e.g. Perl, VB Script, Python, etc
Expert level understanding of TCP/IP fundamentals, network protocols, network flow data, system administration and network architectures
Strong understanding of Windows & Linux operating systems
Experience with SIEMs e.g. QRadar, ArcSight etc
Industry experience in a large, mission-critical environment.
The ability to understand complex problems while formally presenting them simply to executives and senior business stakeholders.
Experience teaching and mentoring preferably in intrusions and incident response related skills
Knowledge of industry good practice for foundational security elements including network device and system-level hardening
Ability to identify both tactical and strategic solutions
Ability to work independently and in a cross functional team.
Ability to assess security incidents quickly and effectively and communicate a course of action to respond to the security incident while mitigating risk and limiting the operational and reputational impact to EA
Bachelor's Degree in Computer Science or related field.


Additional Requirements
Must be willing to travel to other EA locations as necessary to support security incidents and intrusions work.
Must be flexible in working patterns to ensure strong collaboration with other global security colleagues and business stakeholders.
Perform multiple critical assignments under deadline pressure in a fast-paced, high volume, office work environment.
Be able to influence culture and organisational change.
Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share it with them to earn a $1,000 referral bonus.