Scope of Responsibility:
The CSIRT team is responsible for the following tasks:
- Identifying external threats through tool alerts and logs made available by the Cyber Systems and Cyber Defence teams;
- Consuming and exploiting intelligence produced by the Cyber Threat Intelligence team;
- Reporting findings to network, regional, and local CISOs impacted by Cyber threats;
- Providing tactical and strategic recommendations for preventative controls to the Cyber Defence and Vulnerability Management teams based upon incident response findings and trends in realized threat activity; and
- Requesting custom development for analytics and SIEM enhancement from the Cyber Systems team.
Strategic and Technical Orientation / Job Content:
Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the Cyber pillar skills matrix:
- Experience transitioning, maintaining, or using Security Technologies such as Security Incident and Event Management (SIEM), Endpoint protection, Data Loss Prevention, Forensic tools;
- Understanding of security technology operational industry standards;
- Experience contributing to a central technology service organization;
- Navigating a matrix organization; and
- Experience collaborating with multiple stakeholders across functional and technical skillsets.
Range of Impact:
- A 3E Level employee possesses deep knowledge and direct professional experience in a specific subject matter area or technical domain that is applied in the context of a broader understanding of CSIRT and related systems and processes. The selected individual will contribute to the development of new technical domain subject matters. A 3E resolves multi-faceted problems by continuously applying significant independent judgment through collaboration with others, and influences others through a small team of direct reports, through work on projects and in teams, and/or through leading portions of larger projects;
- Consistently demonstrates extensive-level abilities in the Incident Response space from a managerial perspective;
- Encourages improvement and innovation within Incident Response, and nurtures and develops less-experienced staff through coaching and written/verbal feedback;
- Builds and maintains relationships across the network of firms to effectively deliver incident response activities on behalf of NIS; and
- Executes tasks aligned to CSIRT with autonomy.
Required: High school diploma or G.E.D.
Preferred: Undergraduate degree (e.g., BA, BS) in Information Technology or a related field of study and/or completed certifications involving cybersecurity.
4 – 6 years of progressive professional roles involving information security and/or IT management.
An effective CSIRT candidate will also possess the following skills:
- Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
- Technical: Broad understanding of network protocols, operating systems, data storage, and how large enterprises employ these technologies. Ability to digest and apply knowledge – distributed global IT infrastructure. Knowledge of host and network forensic artefacts and analysis techniques. High-level understanding of attack techniques, toolkits, and infrastructure.
- Business: High level understanding of our business model, service offerings, and business operating environment as it pertains to the firm’s threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
- Threat landscape: Knowledge of how attack techniques are used in enterprise intrusions to gain entry, gain privilege, and ultimately accomplish a nefarious objective against a victim organization.
- Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective Incident Response activities and processes in line with the cyber readiness program.
Percentage of travel time: