Incident Responder, Level: between Confirmed & Senior
at Vector Synergy
Ispra, Lombardia, Italy
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 22 Jul, 2024 | Not Specified | 28 Apr, 2024 | 1 year(s) or above | GPEN, Scripting Languages, Reverse Engineering, Security Operations, Regular Expressions, Java, IPS, CFCE, SSH, Syslog-ng, Bash, Cyber Security, Python, SNMP, Vulnerability, Databases, FTP, GCIH, Web Applications, Perl, Network Security, IDS, Assessment, Ruby, Operating Systems | No | No |
Description:
SKILLS, KNOWLEDGE, EXPERIENCE REQUIRED:
- At least three years of experience as an Incident Handler/Responder;
- Two to four years of experience in networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.);
- At least one year of experience with STIX (Structured Threat Information Expression) with a particular focus on the following related standards:
- CybOX (Cyber Observables);
- CAPEC (Attack Patterns);
- MAEC (Malware);
- TAXII (Threat Information Exchange);
- At least 1 certification in the field of incident handling:
- GCIH (GIAC Certified Incident Handler);
- GCIA (GIAC Certified Intrusion Analyst);
- ECIH (EC-Council Certified Incident Handler);
- CSIH (SEI Certified Computer Security Incident Handler);
- SCPO (SABSA Certified Security Operations & Service Management Practitioner) or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I);
- At least 1 certification among:
- GPEN (GIAC Certified Penetration Tester);
- GCED (GIAC Certified Enterprise Defender);
- GPPA (GIAC Certified Perimeter Protection Analyst);
- GCFE (GIAC Certified Forensic Examiner);
- GCFA (GIAC Certified Forensic Analyst);
- GNFA (GIAC Certified Network Forensic Analyst);
- CFCE (IACIS Certified Forensic Computer Examiner);
- CCFP (Certified Cyber Forensics Professional);
- SCMO (SABSA Certified Security Operations & Service Management Specialist) or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I);
- Sound knowledge and experience of IT security issues and a solid background in the following areas:
- Operating Systems security, experience working with multiple operating systems;
- Anti-virus technologies;
- Network security:
- Practical understanding of common TCP/IP-based services and protocols including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.;
- Firewall theory, proxies/reverse proxies, IDS/IPS, full packet capture analysis, etc.;
- Application level security: web applications, databases, secure development.
- Vulnerability assessment and handling;
- Hands-on experience in:
- Malware reverse engineering and handling malicious code incidents;
- Systems (file and memory) and network forensics analysis with tools such as EnCase Enterprise and EnCase Cyber Security, FTK/AD Enterprise, Mandiant MIR, or SIFT Workstation/The Sleuth Kit (expected tooling depth scales with the Associate, Confirmed, and Senior levels);
- Knowledge of development languages and scripting languages such as Python, C/C++, Java, JavaScript, Perl, or Ruby, regular expressions, Linux shell/BASH, Windows PowerShell.
Responsibilities:
- Collecting from and correlating with information sources;
- Assessing incoming incident reports and performing efficient triage;
- Acknowledging alerts from/to reporter;
- Confirming and classifying the incidents;
- Opening an incident in the workflow system, identifying the stakeholders, and notifying them;
- Assigning the case to the appropriate incident handlers and initiating the incident handling process;
- Continuously improving incident response plans and playbook entries;
- Defining and carrying out security incident identification measures;
- Overseeing the ongoing analysis activities (Forensics or Reverse Engineering) and analyzing data to build a comprehensive view of the incident;
- Maintaining and sharing incident documentation;
- Elaborating the map of the attack/incident (e.g., with tools like MS Visio, Maltego, etc.);
- Building a reliable timeline of the incident;
- Maintaining a situation report using relevant information-sharing tools (e.g., web portal, wiki);
- Defining response strategy (and presenting it to the management for approval), including: Identification, data collection, and analysis, containment, eradication, recovery;
- Defining and carrying out containment measures, eradication measures, recovery measures;
- Providing technical assistance to all stakeholders;
- Coordinating incident response;
- Participating in cyber-crisis management and coordination;
- Preparing and maintaining action plans;
- Drafting meeting minutes and reports;
- Following up on the execution of actions decided by the crisis committee;
- Arranging crisis logistics (meetings, etc.);
- Examining available information and supporting evidence or artifacts related to an incident;
- Performing risk, impact, and damage assessments;
- Conducting post-mortem identification of lessons learned and recommendations to improve security controls, such as mitigating the risk of recurrence;
- Drafting incident reports tailored for management and technical peers;
- Communicating efficiently during the identification, containment, eradication, recovery, and post-mortem incident response activities;
- Maintaining and continuously improving the standard incident response toolkit;
- Feeding sensors with extracted indicators of compromise;
- Interfacing with other experts;
- Securely handling, analyzing, and exchanging cybersecurity information with relevant stakeholders and trusted partners for Technology and Security watch;
- Contributing to awareness trainings;
- Providing activity reports to management to demonstrate service SLA and service quality.
VECTOR SYNERGY sp. z o.o., ul. Marcelińska 90, 60-324 Poznań, NIP PL7811857270, REGON 301575740, KRS: 0000369575
Rejestr Przedsiębiorców KRS prowadzony przez Sąd Rejonowy Poznań – Nowe Miasto i Wilda w Poznaniu, VIII Wydział Gospodarczy KRS,
kapitał zakładowy wynosi: 73.852,80 złotych wpłacony w całości, TEL +48 616684500, FAX +48 616684501, www.vectorsynergy.com, info@vectorsynergy.co
REQUIREMENT SUMMARY
Min: 1.0 Max: 6.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
At least 1 certification in the field of incident handling:
Proficient
1
Ispra, Lombardia, Italy