Incident Handler

Job purpose

The Incident Response Analyst (IR) plays a key, strategic and operational role in the development, management, and continuous improvement of IR service Delivery. This role also serves as an escalation point for significant security incidents and must be able to perform the necessary technical and managerial tasks to summarize incident related data. The Incident Response Analyst has the responsibility to perform technical analysis, document findings and recommendations, provide timelines and deliver updates and other communications to audiences ranging from internal teams and executives to our most discerning customers. The Incident Response Analyst is part of a team of security professionals whose core function is to provide continuous cybersecurity incident intake, triage, investigative response, and data analysis services for new and existing clients.

Duties and responsibilities

• Analyze technical information to determine impact and action plans, triage incidents and events for direct action.
• Participate in response activities across teams or directly with stakeholders to identify and remediate potential threats.
• Stay up to date and evaluate security trends, evolving threats, risks and vulnerabilities and apply tools and subject matter expertise to evaluate the risk in the context of the enterprise to mitigate risk. Coordinate activities with other security teams including threat intelligence, penetration testers and product groups.
• Deliver cyber incident response processes and procedures and provide routine updates.
• Maintain technical documentation including standard operating procedures and incident response processes/procedures.
• Some after-hours responsibilities and escalations including weekends and holidays in support of incidents or other events.

Qualifications

Required Qualifications

• 2+ years experience in incident response or similar information security operations role.
• Ability to Travel on short notices (Up to 30% Travel Required)
• Maintain valid travel documents at all times.
• Bilingual (French and English)

 Preferred Qualifications

• One or a combination of the following: GCIH, GCFE, GNFA, GREM
• Knowledgeable about modern security related subjects and trends, for example, Advanced Persistent Threat (APT), rootkits, Spear Phishing, and credential compromise techniques.
• Knowledge of security controls and incident response in a multi-platform environment including on-prem and cloud.
• Experience in security technologies (i.e., Incident case management, SIEM, SOAR, EDR, Intrusion Prevention, Digital Forensics)
• Proven ability to participate in large scale projects with high collaboration
• Excellent written and oral communications.
• Excellent judgment, decision making skills, and the ability to work under pressure.
• Excellent presentation skills and experience of presenting to senior management and senior leaders.
• Experience with Cloud Computing and technology.
• Experience with Unix/Linux, or work relating to OS internals or file-level forensics.

Working conditions

• This position requires 24x7 on call rotation as per the predetermined schedule
• Some evenings, weekends and possibly stat holidays will be required to be worked
• 30% of travel on short notice will be required.