Job Description

Description
Purpose:
As a member of the Cyber Incident Response Team within the global Cyber Incident Response (CIRC), you will play a key role in investigating security incidents identified through infrastructure monitoring. This includes addressing potential hacking attempts, intrusions, malware infections, information mishandling, and other security threats that could negatively impact VS&Co. You will also provide support during major incidents and investigations, as well as engage in ad-hoc threat hunting, purple teaming, tabletop activities.

• Conduct investigations of security incidents, providing analysis and recommending corrective actions to address identified threats
• Participate in ad-hoc threat hunting activities to proactively identify and neutralize potential security threats
• Coordinate with internal teams to support a comprehensive security response.
• Operate endpoint security and SIEM and EDR solutions to detect, analyse, and respond to cyber threats
• Serve as a focal technical lead and primary contact for complex incidents, providing hands-on investigation and support
• Conduct sophisticated

and malware analysis to understand the scope and nature of threats * Facilitate, document and manage root cause analysis and post-incident review process, including tracking all action items and lessons learned through to implementation

• Lead the full incident lifecycle, from detection and triage to containment, eradication, and recovery, ensuring the timely and effective resolution of threats
• Facilitate root cause analysis and post-incident reviews, documenting lessons learned and tracking action items for implementation to prevent future incidents
• Train, coach, and mentor junior incident responders, sharing knowledge and helping them develop the skills to handle complex situations independently
• Identify opportunities to enhance the incident response program by improving detection fidelity, developing new tools, and updating incident response playbooks
• Communicate effectively with management, stakeholders, and technical teams regarding Sev1 / Sev 2 incident progress and remediation efforts
• Proactively hunt for adversaries and potential compromises within networks, even when no active incident is reported

Business Strategy

• Possess deep functional knowledge & expertise to coach & guide associates to build process capability.
• Identify & develop SME talent in collaboration with the TL/Managers.

Relationship Management

• Work closely with the respective teams. Collaborate and build strong relationship with functional teams to ensure required support for coaching, streamlining and enhancement of processes.
• Work with cross regional partners
• Vendor management

Excellent collaboration skills and the ability to influence team members00
VS&Co provides a range of compensation for this role as shown. Your actual salary will be determined by a number of factors, including: your specific skills and experience, geographic region, or other relevant factors.
Qualifications
Education & Skill

• Bachelor's Degree in Information Technology/Information Security or equivalent experience in technology
• Strong understanding of

, , digital forensics, (e.g., Splunk), , , , and
Experienced with responding to major cyber incidents in a primarily Windows environment; experience with a heavily mixed Linux/Windows environment is a plus
Preferred someone Certified in SANS GCIH

• Familiarity with cybersecurity frameworks such as NIST,

, and ISO 27001 * Has used forensic analysis to investigate potential breaches with supporting detail to determine attack vectors, the scope of the incident, and affected systems

• Strong leadership, communication, and problem-solving skills.
• Ability to work under pressure and manage multiple security priorities.

Work Experience :

• Minimum 12-15 Years of experience, Leading Cyber Incident response teams
• Prior people / process / technology management experience
• Knowledge of cloud technologies and cloud infrastructures such as Azure, GCP, AWS, O365
• Experience with conducting log analysis across different components of a typical organisation estate (e.g. OS, network, cloud)
• Has experience in assessment/evaluate/prioritization of Security risk
• Understanding of various security controls and how they are used to detect and mitigate risk
• Prior experience in negotiating and managing security-related contracts with external providers.

Skills Required