Job Description:
- The CIRT Operations Team provides 24x7 threat monitoring of the client and its global enterprise estate. Incident Responders engage in the following tasks, but are not limited to them:
- Monitor and triage alerts generated from security tools, including analysis, investigation, disposition, and documentation, following established playbooks.
- Respond to, mitigate, and support the eradication of security incidents across endpoint, network, email, and cloud attack surfaces, as generated by the SOAR tool and ticketing system, with guidance from peer teams and/or leadership.
- Document and log incident management activities via the Incident Management System (IMS).
- Be prepared to communicate and escalate security incidents to CIRT Leadership, and, if needed, operate as incident commander and central point of contact for wider technology teams within the major incident management framework.
- Maintain, update, and expand where necessary the playbooks, processes, procedures, and other documentation used during triage and investigation of incidents, including response strategies for severe incidents and key attack scenarios.
- Generate incident response products (i.e., metrics and reports).
- Collaborate with other Engineering and Operations teams to troubleshoot, respond, and improve detection capabilities.
- Support the identification and enhancement of both technical and organizational controls to continually improve the enterprise security program.