Job Description

Title - Security Incident Responder (IR) SME
As a Security Incident Responder SME, you will play a critical role in protecting client's assets and ensuring the security of client systems and data. You will be responsible for promptly identifying, assessing, and responding to security incidents to minimize their impact on our operations. This position requires a proactive mindset, strong analytical skills, and the ability to work effectively under pressure.
Responsibilities

• Leading and managing the Incident Response team (L2&L3)
• Primarily responsible for directing security event monitoring, management and response and cyber intelligence.
• Investigate and analyse security incidents to determine their cause, scope, and impact. Document incident response activities, including findings, actions taken, and lessons learned.
• Stay informed about the latest security threats, vulnerabilities, and industry best practices.
• Participate in security incident response exercises and simulations to test the effectiveness of response plans.
• Provide guidance and support to other team members on security incident response procedures and techniques.
• Collaborate with internal teams to identify and address security gaps and weaknesses in our systems and processes.
• Pinpointing the methods that attackers would use to gain access to the client's systems and underlying data, identifying exploits and weaknesses within the organizations defences.
• Uncovering inadequate security practices, password policies and other human errors using social engineering techniques. Recommending processes and procedures to mitigate against human error in future.
• Ensuring that file, directory, and login permissions are restricted to those that need access to them and no one else.
• Collate all findings together into a formal document with the report highlighting all issues uncovered together with recommended remedial actions that should be taken by the client.
• Recommending a process of penetration and vulnerability testing that the organization.
• Ability to work independently, prioritize existing projects/tasks, and proactively determine areas requiring additional attention, monitoring, or maintenance.
• Ability to understand the laws, rules, regulations, policies, procedures, standards, and guidelines governing all SOC/IR
• Having experience on creating and updating various PowerShell script for active directory and Azure AD, and O365
• Should be able to verify the client's remedial actions, providing feedback and verifying their fixes to any highlighted security issues. Often a final Penetration Test will be necessary to confirm success!
• Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
• Providing guidance, coaching and development opportunities in a collaborative and high-performing team environment

• Analytical thinker willing to "think outside the box" to resolve customer impacting situations on first contact; understand customer risk profile.
• Extensive background of various operating systems (Window, Unix, Linux), network (firewalls. IPS, WAF, Web proxy, VPN, mail gateway), cloud (Azure % AWS) and security engineering concepts
• Knowledge of scripting languages, Microsoft Sentinel and SNOW will be advantageous.
• Knowledge on leading security framework such as ISO 27001, CE+, Mitre Telecommunication&ck, NIST-CSF,
• Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
• Relevant certifications such as Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or equivalent certifications are preferred.