The Tech Director - Global Security Incident Response is a senior technical security position that plays a pivotal role in security risk management across EA. The role focuses on coordinating and leading all cyber security related incidents across EA to closure. These security incidents include but are not limited to malware, insider threats, DDoS, ransomware, intellectual property leakage and unauthorized access.
During incidents, you’ll coordinate with partners such as Games teams, Information Technology, Legal, our EA Digital platform team and other business units to gather incident details, assess impact, and coordinate EA’s response. You’ll be responsible for all aspects of security incident response, including operational IR related work, incident response program oversight, and reporting/communications globally to ensure all stakeholders/partners are in alignment and executives are kept informed. The role is also responsible for monitoring the performance of open security incident tickets across EA to ensure a proportionate response, compliance with existing laws and regulations, and alignment of the Global IR Team with emerging threats and incident trends.
As this is a lead position, you’ll lead by example and set the pace and work ethic of the Global IR team and all Security Operations Centre (SOC) analysts involved in security incident response. It is important for you to be a strong communicator, as you must ensure that all interactions with Security leadership and business stakeholders are clear and consistent, even in times of crisis.
Ensuring that the Global IR Team and the SOC staff have the correct training, education and security playbooks to work from is imperative to the success of this position. The IR Lead will also be responsible for managing and further enhancing the IR process itself.
Primary Responsibilities
Provide follow-the-sun IR coverage in conjunction with other Global Security IR specialists, SOC analysts and members of the EA Security Team.
Coordinate and drive the overall performance of the Global Security IR Team during incidents.
Respond to cyber security incidents by collecting, analyzing and preserving digital intelligence/evidence. Track and drive incidents to closure to return EA to business as usual, and drive mitigations & actions to close the feedback loop to prevent recurrence.
Assemble and partner with technical teams, stakeholders, legal team and third-party vendors to resolve incidents as quickly and efficiently as possible. The IR Lead is responsible for leading all incident related meetings and calls. This duty can be delegated to other members of the team, but the lead is ultimately accountable for performance.
Consistently communicate the status of response, resolution and final root cause analysis to EA Security leadership and appropriate stakeholders.
Partner with SOC leadership to develop and implement a training plan for SOC staff to effectively support the Global Security IR process.
Ensure that all incidents are recorded and tracked to meet audit and legal requirements where necessary.
Conduct root cause analysis to identify gaps and make recommendations that ultimately remediate risks to EA. This must be fed into an overall lessons learned program and communicated back to EA Security leadership.
Skills, Knowledge, and Abilities
Must have a minimum of 5 years’ hands-on experience in security incident response and 8 years’ overall experience in security-related work.
Must have thorough knowledge of information security components, principles, practices, and procedures and application of them during a security incident.
Must have a holistic understanding of attack vectors, current security threats, and remediation strategies.
Experience with host- and network-based forensic analysis and associated practices, procedures and evidence handling.
Experience in leading meetings, dividing responsibilities, and influencing people to take action to assist in the resolution of security incidents.
Some experience in information security operations, specifically monitoring, troubleshooting, maintaining networks and information systems.
Role requires excellent intra-business relationship experience. The Global Incident Response lead interacts with all levels of the enterprise, particularly with the Information Technology organisation and will be viewed as a subject matter expert.
Must have thorough knowledge of general IT architecture infrastructure, web application, and internet security along with a general understanding of common operating systems, networking protocols, database, and application development.
Ability to understand legal and regulatory requirements and business drivers, and to integrate these into the overall Global Security IR Program.
Ability to communicate security objectives orally and in writing to a variety of audiences.
Excellent analytical, organizational, verbal and written communication skills.
Ability to assess the scope and business impact caused by incidents and critical vulnerabilities.
Ability to design, evaluate and document process improvements when conducting lessons learned exercises.
Additional Requirements
Must be willing to travel to other EA locations as necessary to support security incidents.
Perform multiple critical assignments under deadline pressure in a fast-paced, high volume, office work environment.
Effectively perform work at varying levels to include executive/strategic and detailed/analytical.
Experience in coordinating, working with and gaining the trust of business stakeholders, technical resources, and third-party vendors is a plus.