Cyber Security Incident Response Specialist
An excellent opportunity is now open for a Cyber Security Incident Response Specialist who will be responsible for cybercrime investigations for Centrica. This includes internal investigations, e-Discovery, network forensics, and cyber breach investigations, including complex and sensitive inquiries. On occasion there will also be a need to write reports and witness statements and to give evidence in court or at other tribunals.
As a Cyber Security Incident Response Specialist, you will be assisting the Security Operations Manager in the management of all aspects of Security Operations, including:
- Providing eDiscovery services, Forensic analysis, and Incident Response investigations.
- Building and managing eDiscovery, forensic and incident infrastructure and tools within a large enterprise environment.
- Providing information security management, information security breach investigation and computer forensics.
- Leading and managing sensitive cyber forensic investigations.
- Supporting and participating in weekly security operations calls.
- Reporting progress and escalating in a timely manner to the Security Operations Manager.
- Maintaining dashboards for management reporting and producing input to team updates.
- Performing security reviews across information systems and key infrastructure (e.g., firewalls, privilege access groups, databases).
- Supporting third party security services benchmark reporting against Centrica's policies and ensuring contractual requirements are met.
- Tracking the remediation of vulnerabilities reported by static and dynamic scanning tools through to remediation or risk acceptance.
- Analysing security reports to identify trends and drive secure behaviours throughout the business.
- Managing operational and regulatory issues and escalating as appropriate.
- Creating and maintaining documentation as it relates to security designs/configurations, processes, and requirements.
- Managing alerts and highlighting events requiring further investigation.
- Maintaining an awareness of security policies and government regulations pertaining to information security.
Your background includes experience in:
- A Security Operations environment and a Cyber Security Incident Response team.
- SIEM, SEM, and log monitoring and analytics.
- IT helpdesk or IT operations.
- Scripting/programming (Perl, shell scripting, C, use of regular expressions).
- Operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMware), hardware and software platforms, and protocols as they relate to information technology.
- Analysing network attacks.
- Information risk and security-related best practices, policies, standards, and regulations, including areas such as International Organization for Standardization (ISO) 27001, Information Security Forum (ISF), Payment Card Industry (PCI) Data Security Standard, and data privacy.
- Emerging risk and threat landscape in the power utilities, retail energy, or oil and gas industries.
You will also possess the following skills:
- Ability to work under pressure and cope with competing demands.
- Knowledge of general IT infrastructure and protocols.
- Knowledge of Unix/Linux/Windows Administration and Logging.
- Bachelor's degree preferred (but not essential) in an area of study such as information technology, computer science, information systems or a related field, or a high school diploma with relevant work experience.
- Understanding of possible attack activities (e.g., network probing/scanning, denial-of-service (DDoS) attacks, malicious code activity, etc.) would be advantageous.
- General knowledge of network security appliances (IDS, firewall, VPN management, configuration and tuning, intrusion prevention) would be advantageous.
- General knowledge of network and application protocols (IP, TCP, UDP, FTP, HTTP, DNS, routing, etc.) would be advantageous.
- Knowledge of the following technologies would be advantageous: leading Security Information and Event Management (SIEM) technologies, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), web proxy filtering, email filtering.
Ideally you will possess one of these qualifications: GIAC Certified Intrusion Analyst, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, Information Systems Examination Board (ISEB).