Company's offered CERT service will consist of a designated CERT manager and a number of 1st line security incident responders, who will be responsible for receiving incident reports from several sources, performing initial analysis of the incoming incidents, gathering all relevant and supporting information, and escalating incidents to CERT 2nd line or to the customer whenever necessary.
The incident handler will also work together with Company or a third-party MSSP to make sure that all relevant information is collected and recorded before escalating the incident further.
The incident handler has good knowledge in the field of information security and incident response as well as related disciplines, such as computer networking and operating systems.
Furthermore, he needs to be able to find and distill relevant information from multiple sources and communicate his findings clearly and succinctly, both internally and externally.
On a day-to-day basis the incident handler will work together with Company security services, Company CERT and other stakeholders to identify, report and respond to security incidents in the customer's environment.
Collect supporting evidence and information from different sources based on the initial analysis. Sources of information may include network traffic captures, OS- or application-level log files, antivirus logs, firewall logs, etc.
Track the status of escalated incidents and support the response effort whenever necessary.
What we're looking for...
You'll need to have:
Bachelor's degree in Computer Science or four or more years of work experience.
Four or more years of relevant work experience.
Two or more years of experience in a dedicated security position.
Clear and concise written and oral English, including the ability to produce professional-level documentation.
Strong problem-solving and security analytics skills; the ability to identify, correlate and analyze information from multiple sources, such as network traffic dumps, operating logs, etc.
Ability to excel in high-pressure environments.
Willingness to travel.
Even better if you have:
A Master's Degree.
SANS or other Security certifications, such as GCIA, GCIH, GREM, GPEN, CEH.
Understanding of the capabilities and limitations of different security technologies, such as firewalls, SIEM solutions, antivirus solutions, network- and host-level intrusion detection tools, etc.