Cyber Incident Response Lead, Network Specialist (US Remote)

Experian
United States only
Company Description

Ready to make a difference? Experian has evolved into a global tech company and leader in data and analytics. We're passionate about unlocking the power of data in order to transform lives and create opportunities for consumers, businesses and society. We're a constituent of the FTSE 30 and for more than 125 years we've helped economies and communities flourish – and we're not done.

Discover the Unexpected - Our 22k amazing employees in 30+ countries believe the possibilities for you, and the world, are growing. We're investing in the future, through new technologies, talented people and innovation so we can help create a better tomorrow. To do this we employ 'big-thinkers' and 'can-doers' that share our purpose #uniquelyexperian

Job Description

As a member of Experian's Global Security Office (EGSO)/Global Cyber Incident Response Team (GCIRT), you will respond to, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Centre (CFC) according to Experian's Incident Response Plan. The member will respond to and analyze security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, and suspicious activity. You will provide specialized support for complex network attacks or matters requiring an understanding of networking. You will also work with end-users, technical support teams, and management to ensure remediation and recovery from these threats. The Lead will use data collected from endpoints, environmental logging, and a variety of other sources to maximize containment and eradication of threats, while expediting recovery of the business. You will guide the Incident Response Team SLO Goals and performance, improve Incident Response process documentation, and coordinate the team training. You will be accountable for the Incident Response tower personnel management strategy.

You will report to the CFC Sr. Manager of Cyber Incident Response.

What you'll be doing

The Team Lead executes operational processes and procedures daily. Your role will involve the detailed and repeatable execution of all operational tasks documented in the Wiki and Incident Response Plan.

  • Respond to cyber security events and alerts associated with threats, intrusions, and compromises per SLO
  • Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned
  • Identify best methods to recover from different security incidents, and provide recommendations to prevent incidents from re-occurring in the future
  • Coordinate successful conclusion of security incidents according to processes and procedures, and escalate severe incidents according to Experian's Incident Response Plan
  • Maintain all case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident
  • Maintain a foundational understanding of common Operating Systems (Windows, Linux, Mac OS), and Security Technologies (Anti-Virus, Intrusion Prevention, etc.), and advanced/specialization in Networking (Firewalls, Proxies, etc.)
  • Interpret device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify cause and determine next steps for containment, eradication, and recovery
  • Follow all documented GCIRT playbooks, standards, processes, and procedures (GCIRT xWiki)
  • Maintain GCIRT Shift Logs for period worked. Verify Shift Logs are completed and accurate by L1 analysts
  • Update and document all assigned security incidents at least every (3) business days. Coordinate coverage for any cases that need updating while out on leave or holiday
  • Update each incident or contact the end-user every 24 hours, and document this in the case notes
  • Maintain assigned caseload and move incidents through each phase of the IR Lifecycle with a goal to complete cases within 5 business days
  • Follow case hand-off procedure, assisting other GCIRT Team Members with their caseload while they are off-shift
  • Provide advanced support to other GCIRT Analysts (logs review, IP Block question)
  • Lead local resources to ensure the team meets SLOs and follows Incident Response process, procedures, and playbooks
  • Support overall direction for the GCIRT and input to the security strategy
  • Work with the GCIRT team to resolve any case discrepancies or breach of SLOs
  • Ensure the GCIRT Team follows approved process, procedures, and playbooks
  • Coordinate training of new GCIRT Analysts
  • Monitor open incidents in the GCIRT Board and make sure they are being updated/worked

Qualifications

What your background looks like

  • 8+ years of experience working within a Security Operations Center or Cyber Security Incident Response Team
  • Demonstrated knowledge of Incident Response and Investigative Methodology, with competence in incident response related to network attacks and network forensic analysis
  • Must have an in-depth knowledge of network protocols (TCP/IP, UDP, ICMP, etc.), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB, etc.), wireless networking, networking infrastructure, and network topologies (DMZ, VPN, WAN, etc.) and network technologies (WAF, IPS, Routers, Firewalls, etc.)
  • Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK, etc.)
  • Experience with reverse engineering network protocols, conducting historical analysis using network layer traffic flow (i.e. NetFlow, VPC Flow Logs, etc.), decrypting captured SSL/TLS traffic, identifying anomalies and patterns in network traffic, and extracting files from network packet captures and proxy cache
  • Demonstrated knowledge of common network intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs)
  • Exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR, etc.), WAF, IPS, etc.
  • Communicate complex and technical issues, verbally and in writing, in an easily understood and actionable manner
  • Must work well in a global, team-oriented environment
  • Must have at least one certification involving incident response, ethical hacking, or cyber security (i.e. GCIH, E|CEH, E|CIH etc.), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE))
  • Hold one Security Management certification (i.e. ISC2 CISSP, CISM, etc.) or obtain such within the first two years as a Cyber Incident Response Team Lead
  • Bachelor's Degree in Computer Science, Computer Engineering, Information Security, or related experience working within a Security Operations Center or Cyber Security Incident Response Team
  • As a Team Lead, you will have a regular Monday – Friday schedule with flexibility to work a shift schedule (including nights and weekends) as required

Perks

  • 20 days of vacation accrued annually, five sick days, and two volunteer days (plus twelve paid holidays)
  • Great compensation package and comprehensive benefits package, with a bonus target of 15%
  • This role can be 100% remote long-term or you can work out of one of our offices
  • People-focused culture where personal and professional growth is prioritized
  • Recognition and celebration of performance and achievements
  • Power to bring your whole self to work – where your differences and values will be respected and celebrated
  • Employee Resource Groups set up and run by employees, for employees. These networks build, celebrate, and further understanding of the diverse identity and experiences within Experian, to support our commitment to diversity and inclusion
  • International network of peers; mentorship programs

Additional Information

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it reflects what we believe. See our DEI work in action!

Please contact us at [email protected] to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers - Creating a better tomorrow together

About the job

Apply before: Aug 20, 2024

Posted on: Jun 21, 2024

Job type: Full Time

Experience level: Senior

Location requirements

Hiring timezones: United States +/- 0 hours