Cybersecurity Incident Response Lead

Responsibilities to include: 

• Serve as the executive point of contact during major international security incidents. 

• Assist with the defining and execution of the organisation’s global incident response strategy and roadmap as it pertains to the international areas of operation. 

• Lead and mentor the incident response teams, fostering a high-performance, collaborative culture. 

• Coordinate with both technical and business stakeholders during the incident response process. 

• Conduct day-to-day Incident Response activities as well as additional SOC related detection and response activities as required for a global environment. 

• Proactively monitor Cyber Threat Intelligence resources to serve as the basis for searching and identifying relevant signs of security incidents or anomalous behaviour (Threat Hunting).  

• Design, engineer, and implement runbooks and playbooks for Incident Response. 

• Develop and implement strategies to contain and limit the impact of security incidents. 

• Perform host based, cloud based, network based, memory, or log analysis and/or forensics in support of Incident Response investigations.  

• Influence and play an active role in CAA’s Security Incident Response efforts, working to identify and mitigate information security threats. 

• Review security information, event logs, and reports, provide findings and recommendations for improvements and logging standardisation. 

• Responsible for the development of end-to-end security monitoring and reporting; ensuring expected controls are in place and performing as designed.  

• Evaluate new and emerging threats against existing security controls; ensuring controls remain effective in changing business and threat landscapes. 

• Crafting searches and logic to detect anomalous behaviour in user, network, host and cloud activity. 

• Create meaningful visualisations, reporting, and dashboards to help contextualise data. 

• Use input from IRM leadership and key security metrics to ensure technical security controls are meeting desired objectives; implement a process of continual review and improvement to ensure the measurable effectiveness of CAA’s technical controls. 

• Other projects or duties as assigned. 

QUALIFICATIONS/REQUIREMENTS 

• A minimum of 8+ years in Information Technology, ideally with at least 5 years’ experience in a hands-on incident response, threat hunting, or technical investigation and forensics role 

• A bachelor’s or master’s degree in a relevant field of work, or equivalent work experience 

• Ability to mentor and train junior Security and Incident Response Analysts  

• Expertise in Cloud-based Incident Response and log analysis within a hybrid cloud environment 

• Experience developing scrips, tools, and methodology to enhance the investigation process 

• Strong technical background with experience in at least three of the following: 

• Identity Forensics  

• Windows disk and memory forensics 

• Network traffic analysis (NetFlow, cap) 

• Unix or Linux disk and memory forensics 

• Malware analysis – both static and dynamic 

• A strong understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure 

• Expertise building workflows and playbooks to facilitate the Incident Response process 

• Proficiency in the NIST framework and using a continuous improvement loop 

• Has a proven track record for building and managing frameworks to test and validate the effective operation of security controls; measuring the ability to respond to threats and attacks at the earliest point in the kill chain