
ProViso Consulting
Candidate profile details:
• Years of experience: 3-5
• Interaction with Stakeholders: 60% within the team, 40% within the bank
• Team Size: 12 people on shifts at any given time; very collaborative
• Project: will be working on Shift queues
• Selling Point of the position: Very strong team background, sense of humor, consistent sense of sharing and always someone to help
• How will performance be measured: Reports on tickets sent to manager and touchpoints with manager
Best vs Average Candidate:
• Has 3 years' experience in cyber security, is a strong team player looking to contribute, has an investigation mindset and adapts to change.
Summary of day-to-day responsibilities:
• We are looking for someone to guide a group of Cybersecurity Incident and Forensic first responders. You will provide specialized expertise on Cybersecurity Events, Incidents, and Digital Forensics.
• You will support the learning and growth of our team members as a guide in Threat Defense Operations, with a focus on mitigating risks to protect the bank.
• You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
• Moderate to advanced hands-on experience on all modern operating systems, role-based access, internal file structures, registries, and data storage.
• Moderate to advanced experience as an Incident Manager working on complex information security and cybercrime-related incidents, requiring coordination with internal and external enterprise teams, as well as third parties, vendors, partners, etc.
• Moderate experience working cybersecurity events and incidents related to network layer 7/application and internet-facing attacks
• Moderate to advanced experience briefing executives related to cybercrime and information security incident triage, incident containment, and incident recovery
• Moderate to advanced experience authoring complex communications related to cybercrime and information security incident triage, incident containment, and incident recovery
• Moderate to advanced experience authoring and maintaining playbooks and other process/governance documentation
Here are the essential job functions of this position:
• The candidate should be continuing to advance their knowledge, skills and abilities in all cybersecurity domains (Incident Response, Forensics, Offensive cybersecurity, Cybersecurity intelligence and cybersecurity risk management)
• Able to complete hands-on-keyboard L1 and L2 responsibilities when necessary.
• Possesses the ability to mentor and guide junior analysts through completing L1 and L2 investigations.
• Has a solid foundation of knowledge, skills and technical ability to investigate any cybersecurity event, tune the bank's cybersecurity control plane as required, and debug alerts to evaluate their legitimacy and accuracy.
• Oversee shift operations and ensure 24x7x365 operational coverage is met. Ensure conflicts with meetings, breaks and other engagements are managed so that proper coverage is always maintained.
• Distribute workload among the shift members to ensure quality and accuracy of investigations, priority and adherence to SLO/SLAs
• Ensure the SLA for event investigations is not breached, and escalate to CSOC Senior Leaders any alerts or investigations that are at risk of SLA breach, as per procedure.
• Possesses the ability to perform hands-on peer reviews on closed L1 alerts and closed L2 investigations
• Consult with L3 and Fusion Incident Management to provide shift resources for open or ongoing investigations for L3 events and open incidents.
• Manage the regional shift handovers and ensure the starting shift/region has everything needed to pick up any open cases and drive them to closure
• Lead the shift transfer process. Accountable for all tasks, but encouraged to use the entire
• Work as a liaison between their shift, other shifts, CSOC Senior Leaders, CSOC Senior Managers and other teams, communicating concerns and relaying pertinent information
• The candidate is responsible for delivering communications about process/workflow changes or updates and for monitoring the effective execution of the process/workflow
• Assist with scheduling, ensuring coverage and reporting to management 24/7 on team members' absences (sick, emergency, etc.)
• Utilization of the QA Daily, Incidents and L1/L2 dashboards to manage event handling
• Attendance to the Fusion situational calls
Must have:
• 3+ years of practical or relevant experience and knowledge of IT security and Incident Management practices across multiple domains.
• Candidate should possess moderate to strong hands-on experience with all modern Operating Systems (Windows/*NIX/Cloud/Mobile)
• Candidate should possess strong hands-on experience with traditional incident response and detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent
• Strong knowledge of organization, technology controls, cybersecurity, and risk assessment issues
• Experience working with Azure, Defender and Sentinel
Soft skill must haves:
• Strong leadership and people building skills within IT and Cybersecurity
• Demonstrated ability to participate in complex, comprehensive or large projects and initiatives
• Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors
Nice To Have:
• Information Security certifications / accreditations are an asset.