Senior Incident Response Analyst
October 9, 2018
Imagine…working for a company that knows that its people are the key to its success in the marketplace. A company in which achieving extraordinary results and having a stimulating work experience are part of the same process.
We cultivate and embrace a diverse employee population. We recognize that people with diverse backgrounds, experiences and perspectives fuel our growth and enrich our global culture.
We are looking for an individual who enjoys working in a fast-paced, team-oriented environment, likes to be challenged, and values the opportunity to make a difference.
As a key member of Campbell’s Information Security Incident Response Team this individual will be responsible for various parts of the incident response process — detection, validation, containment, remediation, and communication — for IT-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), privacy breach, etc. This individual will be responsible for the rapid response and resolution of security incidents globally, including onsite, in the Cloud (AWS and MS Azure) and on SaaS applications. This will involve coordinating with internal/external teams, including forensics and Legal, to identify root cause, restore services and communicate status to affected stakeholders. In addition, the individual will be involved in Targeted Threat Hunting, including the continuous development of threat hunting and proactively identifying security incidents before they occur. This role will act as the escalation path for more junior staff to validate findings and identify scope of events, and will provide support during larger investigations. This individual will act as an internal resource while overseeing the work of the Incident Response Analysts and the third party Security Operations Centers staffed by 8 – 10 external employees.
50% – Incident Response
- Perform Level 2 and Level 3 computer security incident response activities including coordinating with the third party Security Operations Center (MSSP) and third party forensic firms including Verizon Breach Services.
- Monitor security logs in order to identify key events and incidents that require hands-on investigation.
- Analyze and triage anomalies to ensure appropriate identification of risk to the Company systems and information.
- Oversee the forensic analysis of various incidents and analyze impact to organization including activities to be performed by team and others.
- High-level, hands-on coordination of information security incidents that require greater technical expertise and executive presence, including escalation to third parties when there is a sense of urgency and escalation is required.
- Communicate and coordinate response efforts including working with I.T., Business Leaders, and Third Parties to mitigate the impact of the risk. Manage the Crisis Management Team and activities on behalf of Director of Incident Management.
- Prepare incident reports of analysis and methodology and results of investigation. Review and sign off on reports prepared by others that will be used in the event of legal action.
25% – Threat Hunting
- Actively seek to uncover indicators of compromise for which monitoring capabilities do not yet exist.
- Collect and aggregate information from a wide variety of sources and format it for relevance to our environment.
- Create hypotheses for analytics and testing of threat data.
- Partner with the third party Security Operations Center (MSSP) and threat intelligence firms/organizations including Information Security Sharing forums (ISACs) to identify threats that may impact the Company
25% – Assist with Incident Management Strategy Development, Consulting and Management of Third Party Security Operations Center, Threat Intelligence Organizations.
- Leverage lessons learned, threat modelling and emerging industry better practice, to analyze the effectiveness of the existing program (policies, technology and awareness) in order to continuously improve the incident management program.
- Partner with Security Business Analysts, Security Architects to identify security logging and monitoring requirements for new initiatives especially those with privacy implications.
- Review industry frameworks and best practice to advance the Company’s controls in network/perimeter security, intrusion detection and response, content monitoring and filtering, vulnerability and patch management, endpoint detection and response, forensics tools, managed threat detection and data loss prevention.
- Partner with vendors and other third parties to improve product design and delivery capabilities.
- Assist with management and review of third party contracts for the security operations center and service levels. Identify potential gaps including procedures needed to mitigate risk.
- Ability to identify and respond to attacks and/or a security breach when there is a great deal of pressure and ambiguity.
- Ability to interpret changes in legislation that may require regulatory notification.
- Ability to testify as to actions taken as an expert witness.
- Ability to understand how systems and networks are architected in the absence of detailed documentation.
- Bachelor’s Degree required
- 7-10 years of experience in the following areas:
- High level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
- Cybersecurity in large complex companies including knowledge of global security and privacy breach laws and regulatory reporting.
- Proven experience working with third party Security Operations Center (8 – 10 people globally) and forensics firms such as Verizon Data Breach Services.
- Demonstrated ability to lead and develop cohesive and collaborative management and operational teams internally and with a third party
- Proven experience implementing policies, procedures and technology to detect and recover from a cyber security attack
- Ability to demonstrate strong computer knowledge: networks, desktops, servers, cloud and software as a service technology.
- Expertise with next generation firewalls (Fortinet/Cisco/Check Point), Microsoft Advanced Threat Protection and O365, Zero Day Threat Detection Technology, Threat Intelligence Feeds, STIX and TAXII standards, EnCase, Data Loss Prevention Software, Web Proxies, Web Application Firewalls.
- Strong problem-solving and trouble-shooting skills
- Strong communication skills including writing reports and presenting to senior executives.
- Demonstrated connections to external Incident Response leaders and learning organizations.
The Company is committed to providing equal opportunity for employees and applicants in all aspects of the employment relationship, without regard to race, color, sex, sexual orientation, gender identity, national origin, citizenship, marital status, veteran status, disability, age, religion or any other classification protected by law.
In that regard, U.S. applicants and employees are protected from discrimination based on certain categories protected by Federal law.