Incident Response Team Lead

Summarized Purpose:

AnIncident Response Team Lead’s jobis to actively monitor systems and networks for intrusions and look for potential gaps in the organization’s infrastructure and make recommendations around mitigating these vulnerabilities

Leads the design, development and implementation of network security technology projects including the planning, research , analysis and testing phases to ensure efficient information flow in a secure systems environment. Assists in the development of strategic security plans and designs, implementation of best practices and guidelines and recommends the selection of securit y tools and platforms in order to protect the confidentiality, integrity and availability of company data. Works on complex issues where analysis of situations or data requires an in - depth evaluation of variable factors. Having wide - ranging experience, uses professional concepts and company objectives to resolve complex of Network, Telecommunication, or IT Security System and Architecture issues in creative and effective ways. Some barriers to entry exist at this level (e.g., dept/peer review). Level at which career may plateau. Determines methods and procedures on new assignments and may coordinate activities of other personnel (i.e., Team Lead). Exercises judgment in selecting methods, techniques and evaluat ion criteria for obtaining results. Frequent contacts with internal personnel and outside customer representatives at various management levels concerning operations or scheduling of specific phases of projects or contracts. Creates formal networks with ke y contacts outside own area of expertise. Protecting enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues Proactively hunting for threats and enacting identification, containment, and eradication measures while supporting recovery efforts. Act as subject matter expert to provide insight and guidance to colleagues engaging in prevention measures. Analyzing cyber security incidents to solve issues and improve incident handling procedures Receive Tier 2/3 incident escalation from detection operations and assist with real-time, continuous (24x7) security event monitoring, response, and reporting Proactive coordination with appropriate departments during a security incident – management, legal, security, operations, and others. Conducting research regarding the latest methods, tools, and trends in digital forensics analysis Creating thorough reports and documentation of all incidents and procedures; presenting findings to team and leadership on a routine basis

Education and Experience:

Bachelor's degree or equivalent and relevant formal academic / vocational qualification

Previous experience that provides the knowledge, skills, and abilities to perform the job (c omparable to 8 years’ in network communication, systems administration and/or IT security systems in addition to training in advanced applications, including minimum of 5 years experience in network security or IT security systems project management) or e quivalent combination of education, training, & experience.

Years of experience refers to typical years of related experience needed to gain the required knowledge, skills , and abilities necessary to perform the essential functions of the job. Years of experience are not to be used as the only determining factor in establishing the job class or making employment selection decisions .

Summarized Purpose:

AnIncident Response Team Lead’s jobis to actively monitor systems and networks for intrusions and look for potential gaps in the organization’s infrastructure and make recommendations around mitigating these vulnerabilities

Leads the design, development and implementation of network security technology projects including the planning, research , analysis and testing phases to ensure efficient information flow in a secure systems environment. Assists in the development of strategic security plans and designs, implementation of best practices and guidelines and recommends the selection of securit y tools and platforms in order to protect the confidentiality, integrity and availability of company data. Works on complex issues where analysis of situations or data requires an in - depth evaluation of variable factors. Having wide - ranging experience, uses professional concepts and company objectives to resolve complex of Network, Telecommunication, or IT Security System and Architecture issues in creative and effective ways. Some barriers to entry exist at this level (e.g., dept/peer review). Level at which career may plateau. Determines methods and procedures on new assignments and may coordinate activities of other personnel (i.e., Team Lead). Exercises judgment in selecting methods, techniques and evaluat ion criteria for obtaining results. Frequent contacts with internal personnel and outside customer representatives at various management levels concerning operations or scheduling of specific phases of projects or contracts. Creates formal networks with ke y contacts outside own area of expertise. Protecting enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues Proactively hunting for threats and enacting identification, containment, and eradication measures while supporting recovery efforts. Act as subject matter expert to provide insight and guidance to colleagues engaging in prevention measures. Analyzing cyber security incidents to solve issues and improve incident handling procedures Receive Tier 2/3 incident escalation from detection operations and assist with real-time, continuous (24x7) security event monitoring, response, and reporting Proactive coordination with appropriate departments during a security incident – management, legal, security, operations, and others. Conducting research regarding the latest methods, tools, and trends in digital forensics analysis Creating thorough reports and documentation of all incidents and procedures; presenting findings to team and leadership on a routine basis

Education and Experience:

Bachelor's degree or equivalent and relevant formal academic / vocational qualification

Previous experience that provides the knowledge, skills, and abilities to perform the job (c omparable to 8 years’ in network communication, systems administration and/or IT security systems in addition to training in advanced applications, including minimum of 5 years experience in network security or IT security systems project management) or e quivalent combination of education, training, & experience.

Years of experience refers to typical years of related experience needed to gain the required knowledge, skills , and abilities necessary to perform the essential functions of the job. Years of experience are not to be used as the only determining factor in establishing the job class or making employment selection decisions .

Education and Experience:

Bachelor's degree or equivalent and relevant formal academic / vocational qualification

Previous experience that provides the knowledge, skills, and abilities to perform the job (c omparable to 8 years’ in network communication, systems administration and/or IT security systems in addition to training in advanced applications, including minimum of 5 years experience in network security or IT security systems project management) or e quivalent combination of education, training, & experience.

Years of experience refers to typical years of related experience needed to gain the required knowledge, skills , and abilities necessary to perform the essential functions of the job. Years of experience are not to be used as the only determining factor in establishing the job class or making employment selection decisions .

Knowledge, Skills and Abilities : Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP) Knowledge of operating systems including Linux/Unix,Windows and Splunk SIEM Experience with security assessment tools such as NMAP, Netcat, Nessus, and Metasploit is a plus. Excellent written and verbal communication skills Excellent organization, time management, and attention to detail Must be action-oriented and have a proactive approach to solving issues Ability to work individually and as part of a team Demonstrated expertise of network, operating systems, programming, cloud, telecommunication, and/or IT security technologies and platforms

Management Role:

No management responsibility

Working Conditions and Environment: Work is performed in an office environment with exposure to electrical office equipment. Long, varied hours may be required. Off hours application support required Some travel may be required. Constant exposure t o high pressure, intense concentration. Frequent interaction with clients/associates required.

Physical Requirements : Frequently stationary for 6 - 8 hou rs per day. Repetitive hand movement of both hands with the ability to make fast, simple, repeated movements of the fingers, hands, and wrists. Frequent mobility required. Occasional crouching, stooping, bending and twisting of upper body and neck. Light to moderate lifting and carrying (or otherwise moves) objects including luggage and laptop computer with a maximum lift of 15 - 20 lbs. Ability to access and use a variety of computer software developed both in - house and off - the - shelf. Ability to communicate information and ideas so others will understand; with the ability to listen to and understand information and ideas presented through spoken words and sentences. Frequently interacts with others to obtain or relate information to diverse group s. Works independently with little guidance or reliance on oral or written instructions and plans work schedules to meet goals. Requires multiple periods of intense concentration. Performs a wide range of variable tasks as dictated by variable demands and changing conditions with little predictability as to the occurrence. Ability to perform under stress. Ability to multi - task. Regular and consistent attendance.

Education and Experience:

Bachelor's degree or equivalent and relevant formal academic / vocational qualification

Previous experience that provides the knowledge, skills, and abilities to perform the job (c omparable to 8 years’ in network communication, systems administration and/or IT security systems in addition to training in advanced applications, including minimum of 5 years experience in network security or IT security systems project management) or e quivalent combination of education, training, & experience.

Years of experience refers to typical years of related experience needed to gain the required knowledge, skills , and abilities necessary to perform the essential functions of the job. Years of experience are not to be used as the only determining factor in establishing the job class or making employment selection decisions .

Knowledge, Skills and Abilities : Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP) Knowledge of operating systems including Linux/Unix,Windows and Splunk SIEM Experience with security assessment tools such as NMAP, Netcat, Nessus, and Metasploit is a plus. Excellent written and verbal communication skills Excellent organization, time management, and attention to detail Must be action-oriented and have a proactive approach to solving issues Ability to work individually and as part of a team Demonstrated expertise of network, operating systems, programming, cloud, telecommunication, and/or IT security technologies and platforms

Management Role:

No management responsibility

Working Conditions and Environment: Work is performed in an office environment with exposure to electrical office equipment. Long, varied hours may be required. Off hours application support required Some travel may be required. Constant exposure t o high pressure, intense concentration. Frequent interaction with clients/associates required.

Physical Requirements : Frequently stationary for 6 - 8 hou rs per day. Repetitive hand movement of both hands with the ability to make fast, simple, repeated movements of the fingers, hands, and wrists. Frequent mobility required. Occasional crouching, stooping, bending and twisting of upper body and neck. Light to moderate lifting and carrying (or otherwise moves) objects including luggage and laptop computer with a maximum lift of 15 - 20 lbs. Ability to access and use a variety of computer software developed both in - house and off - the - shelf. Ability to communicate information and ideas so others will understand; with the ability to listen to and understand information and ideas presented through spoken words and sentences. Frequently interacts with others to obtain or relate information to diverse group s. Works independently with little guidance or reliance on oral or written instructions and plans work schedules to meet goals. Requires multiple periods of intense concentration. Performs a wide range of variable tasks as dictated by variable demands and changing conditions with little predictability as to the occurrence. Ability to perform under stress. Ability to multi - task. Regular and consistent attendance.