Incident Responder, Level: between Confirmed & Senior

at Vector Synergy

Ispra, Lombardia, Italy

  • Start Date: Immediate
  • Expiry Date: 22 Jul, 2024
  • Salary: Not Specified
  • Posted On: 28 Apr, 2024
  • Experience: 1 year(s) or above
  • Skills: GPEN, Scripting Languages, Reverse Engineering, Security Operations, Regular Expressions, Java, IPS, CFCE, SSH, Syslog-ng, Bash, Cyber Security, Python, SNMP, Vulnerability, Databases, FTP, GCIH, Web Applications, Perl, Network Security, IDS, Assessment, Ruby, Operating Systems
  • Telecommute: No
  • Sponsor Visa: No

Description:

SKILLS, KNOWLEDGE, EXPERIENCE REQUIRED:

  • At least three years of experience as an Incident Handler/Responder;
  • Two to four years of experience in networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.);
  • At least one year of experience with STIX (Structured Threat Information Expression), with a particular focus on the following related standards:
    • CybOX (Cyber Observables);
    • CAPEC (Attack Patterns);
    • MAEC (Malware);
    • TAXII (Threat Information Exchange);
  • At least one certification in the field of incident handling:
    • GCIH (GIAC Certified Incident Handler);
    • GCIA (GIAC Certified Intrusion Analyst);
    • ECIH (EC-Council Certified Incident Handler);
    • CSIH (SEI Certified Computer Security Incident Handler);
    • SCPO (SABSA Certified Security Operations & Service Management Practitioner), or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I);
  • At least one certification among:
    • GPEN (GIAC Certified Penetration Tester);
    • GCED (GIAC Certified Enterprise Defender);
    • GPPA (GIAC Certified Perimeter Protection Analyst);
    • GCFE (GIAC Certified Forensic Examiner);
    • GCFA (GIAC Certified Forensic Analyst);
    • GNFA (GIAC Certified Network Forensic Analyst);
    • CFCE (IACIS Certified Forensic Computer Examiner);
    • CCFP (Certified Cyber Forensics Professional);
    • SCMO (SABSA Certified Security Operations & Service Management Specialist), or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I);
  • Sound knowledge and experience of IT security issues and a solid background in the following areas:
    • Operating system security, with experience working with multiple operating systems;
    • Anti-virus technologies;
    • Network security:
      • Practical understanding of common TCP/IP-based services and protocols, including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.;
      • Firewall theory, proxies/reverse proxies, IDS/IPS, full packet capture analysis, etc.;
    • Application-level security: web applications, databases, secure development;
    • Vulnerability assessment and handling;
  • Hands-on experience in:
    • Malware reverse engineering and handling malicious code incidents;
    • Systems (file and memory) and network forensics analysis, with tools such as EnCase Enterprise and EnCase Cyber Security, FTK/AD Enterprise, Mandiant MIR, or SIFT Workstation/The Sleuth Kit;
  • Knowledge of development and scripting languages such as Python, C/C++, Java, JavaScript, Perl, or Ruby, as well as regular expressions, Linux shell/BASH, and Windows PowerShell.

Responsibilities:

  • Collecting from and correlating with information sources;
  • Assessing incoming incident reports and performing efficient triage;
  • Acknowledging alerts from/to reporter;
  • Confirming and classifying the incidents;
  • Opening an incident in the workflow system, identifying the stakeholders, and notifying them;
  • Assigning the case to the appropriate incident handlers and initiating the incident handling process;
  • Continuously improving incident response plans and playbook entries;
  • Defining and carrying out security incident identification measures;
  • Overseeing the ongoing analysis activities (Forensics or Reverse Engineering) and analyzing data to build a comprehensive view of the incident;
  • Maintaining and sharing incident documentation;
  • Elaborating the map of the attack/incident (e.g., with tools like MS Visio, Maltego, etc.);
  • Building a reliable timeline of the incident;
  • Maintaining a situation report using relevant information-sharing tools (e.g., web portal, wiki);
  • Defining response strategy (and presenting it to the management for approval), including: Identification, data collection, and analysis, containment, eradication, recovery;
  • Defining and carrying out containment measures, eradication measures, recovery measures;
  • Providing technical assistance to all stakeholders;
  • Coordinating incident response;
  • Participating in cyber-crisis management and coordination;
  • Preparing and maintaining action plans;
  • Drafting meeting minutes and reports;
  • Following up on the execution of actions decided by the crisis committee;
  • Arranging crisis logistics (meetings, etc.);
  • Examining available information and supporting evidence or artifacts related to an incident;
  • Performing risk, impact, and damage assessments;
  • Conducting post-mortem identification of lessons learned and recommendations to improve security controls, such as mitigating the risk of recurrence;
  • Drafting incident reports tailored for management and technical peers;
  • Communicating efficiently during the identification, containment, eradication, recovery, and post-mortem incident response activities;
  • Maintaining and continuously improving the standard incident response toolkit;
  • Feeding sensors with extracted indicators of compromise;
  • Interfacing with other experts;
  • Securely handling, analyzing, and exchanging cybersecurity information with relevant stakeholders and trusted partners for Technology and Security watch;
  • Contributing to awareness training;
  • Providing activity reports to management to demonstrate service SLA and service quality.

VECTOR SYNERGY sp. z o.o., ul. Marcelińska 90, 60-324 Poznań, NIP PL7811857270, REGON 301575740, KRS: 0000369575
Register of Entrepreneurs of the KRS kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the KRS,
share capital: 73.852,80 złoty, paid in full. TEL +48 616684500, FAX +48 616684501, www.vectorsynergy.com, info@vectorsynergy.co


REQUIREMENT SUMMARY

  • Experience: Min 1.0, Max 6.0 year(s)
  • Information Technology/IT
  • IT Software - Network Administration / Security
  • Software Engineering
  • Graduate
  • At least 1 certification in the field of incident handling
  • Proficient
  • 1
  • Ispra, Lombardia, Italy