Job Openings

Information Security Incident Response Lead

Location
Nashville, TN
Job Type
Direct Hire
Date
Nov 15, 2019
Job ID
2678258
The Incident Response (IR) Lead is part of the Threat & Vulnerability Management Team supporting the broader Information Security and Compliance organization. The IR Lead leads the in-depth investigation of security incidents, analyzing networks, hosts, and data to determine attack vectors, establish a timeline of activity, and identify the extent of the compromise. The IR Lead is expected to work effectively with minimal support from management, to coordinate the IR-related activities of other teammates, and to own incident response investigations from start to finish.
Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or another relevant area.
  • Minimum of 5-7 years of incident response or digital forensics experience.
  • Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation, including intrusion tactics and techniques.
  • Knowledge of TCP/IP protocols, network analysis, and network/security applications, including log analysis and network traffic capture analysis.
  • Experience with EnCase, FTK, SIFT, Volatility, Splunk, Magnet, ELK/Logstash, Wireshark, Carbon Black, or other commercial or open-source forensic, log-analysis, or network-analysis tools.
  • Knowledge of industry-standard frameworks and regulations: NIST, ISO, HIPAA, PCI.
  • Self-motivated and comfortable working both independently and as part of a team.
  • Strong interpersonal communication skills (verbal and written); ability to work across business functions including Legal, HR, and Communications teams.
  • Aptitude for learning technical concepts, and ability to manage multiple tasks and projects.

Preferred Qualifications:

  • Advanced degree or industry certifications such as CISSP, Ethical Hacking, GCFE, or CIH.
  • Ability to demonstrate additional knowledge and experience in the field of information security.

Responsibilities

  • Lead incident response activities through forensic investigations and containment of security incidents, and provide guidance on long-term remediation recommendations.
  • Investigate potential data breaches and malicious activity using forensic tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
  • Evaluate the security program, technologies, controls, and business environments; provide recommendations and develop enhancements.
  • Work with other analysts and direct incident response activities, including tracking and logging of incidents.
  • Coordinate incident activities with leadership teams, including the CISO, CIO, Legal, HR, Communications, and other related business units.
  • Assist with developing information security plans, policies, and playbooks, specifically those related to incident response.
  • Coordinate IR tabletop exercises and simulations.
  • Provide recommendations on solutions to help manage information security risk.
  • Track emerging security practices and contribute to building internal processes and improving response capabilities.
  • Stay abreast of current industry trends and their implications.