Cyber Incident Response Lead

This is for Shift (5:00 PM to 2:00 AM)

Owens & Minor Halyard Health is looking for a Cyber Incident Response Lead to investigate and respond to cyber threats. This position is responsible for the investigation, remediation, and communication of cybersecurity incidents. This position is based in India and will work night shift.

ESSENTIAL JOB FUNCTIONS:

• Review security alerts that are escalated by SOC analysts to determine if they constitute an incident
• Investigate incidents to determine scope and impact
• Take steps to contain and remediate the incident
• Record incident details, artifacts, and evidence in incident tracking system
• Execute response protocols and playbooks to respond to incidents
• Escalate incident response protocols to senior staff when necessary
• Communicate with end users to collect information and resolve issues
• Collaborate with IT, Legal, and HR teams during incident response process

SUPPLEMENTAL JOB FUNCTIONS:

• Performs additional duties as directed.
• Effectively accomplishes set goals while primarily working in a remote capacity.
• Will need to be available on an on-call basis for off-hours critical incident response

Qualifications

EDUCATION & EXPERIENCE:

• 7 years of experience in cyber incident response and investigations.
• 5 years of experience in analyzing email headers and contents
• 3 years of experience in malware investigation and offline malware analysis techniques
• 2 years of experience in leading cybersecurity incident investigation and response

KNOWLEDGE SKILLS & ABILITIES:

• Strong understanding of SIEM log analysis and queries
• Strong understanding of Endpoint Detection and Response (EDR) capabilities and behavior.
• Strong understanding of network protocols such as TCP/IP, DNS, HTTP, TLS, SMB, CIFS, SMTP, and network traffic analysis
• Strong understanding of techniques to investigate phishing, credential theft, ransomware, botnets, and denial of service attacks
• Strong analytical and critical observation skills.
• Understanding of the MITRE ATT@CK framework
• Understanding of cyber incident recovery methodology
• Ability to work in a fast-paced environment with minimal supervision.
• Ability to create documentation and presentations for peers and management.

ADDITIONAL REQUIREMENTS:

• Desired certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Cloud Forensics Responder (GCFR), GIAC Enterprise Incident Response (GEIR)

Skills Required
Cyber incident recovery methodology, SIEM log analysis