Int. Incident Management Analyst - 53488

Start Date: 02/10/2025 to 05/10/2025

Duration: 3 months

Extension possible: Very possible based on budget and performance

Interview Process: 2 rounds: Virtual (Manager and Sr Leads)

Work Location: Onsite

Office Space/Desk Location: Shared area and will have own desk and space

CANDIDATE PROFILE DETAILS:

Degree/Certifications Required: 5 years min experience in cyber or IT security experience Years of experience: 5 year Min Reason for request/why opened: Increase in business within department % Interaction with Stakeholders: N/A Project Scope: Increase in business within department Team Size: Merge team-16 people on shifts at any given time-very collaborative Personality Style/Team Culture: Collaborative and friendly

Selling Points of Position: Very strong team background, sense of humor, consistent sense of sharing and always someone to help Best Vs Average Candidate: Have 5 years experience, strong team player, looking to contribute and adapt to changes.

How will performance be measured: Reports on tickets actioned sent to manager and touchpoints with manager

SUMMARY OF DAY TO DAY RESPONSIBILITIES:

· We are looking for someone to guide a group of Cybersecurity Incident and Forensic first responders. You will provide specialized expertise on Cybersecurity Events, Incidents, and Digital Forensics.

· You will support learning and growth of our team members as a guide in Threat Defense Operations with a focus on mitigating risks to protect TD.

· You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

· Moderate to advanced hands-on experience on all modern operating systems, roles base access, internal files structures, registries, and data storage.

· Moderate to advanced experience as an Incident Manager working on complex information security and cybercrime-related incidents, requiring coordination with internal and external enterprise teams, as well as third parties, vendors, partners, etc.

· Moderate experience working cybersecurity events and incidents related to network layer 7/application and internet facing attacks · Moderate to advanced experience briefing executives related to cybercrime and information security incident triage, incident containment, and incident recovery · Moderate to advanced experience authoring complex communications related to cybercrime and information security incident triage, incident containment, and incident recovery · Moderate to advanced experience authoring and maintaining playbooks and other process/governance documentation

Here are the essential job functions of this position:

· The candidate should be continuing to advance their knowledge, skills and abilities in all cybersecurity domains (Incident Response, Forensics, Offensive cybersecurity, Cybersecurity intelligence and cybersecurity risk management) · Able to complete hands-on-keys L1 and L2 responsibilities when necessary.

· Possesses the ability to mentor and guide junior analysts through completing L1 and L2 investigations.

· Has a solid foundation, knowledge, skills and technical ability to investigate any cybersecurity events, tuning requirement for the Bank's cybersecurity control plane, and debug alerts to evaluate legitimacy and accuracy.

· Oversee shift operations and ensure 24x7x365 operational coverage is met. Ensure conflicts with meetings, breaks and other engagements are managed to always ensure proper coverage.

· Distribute workload among the shift members to ensure quality and accuracy of investigations, priority and adherence to SLO/SLAs · Ensure the SLA for event investigations are not breached and escalate to CSOC Senior Leaders any alerts or investigations that are subject to SLA breach as per procedure.

· Possesses the ability to perform hands-on peer reviews on closed L1 alerts and closed L2 investigations · Consult with L3 and Fusion Incident Management to provide shift resources for open or ongoing investigations for L3 events and open incidents.

· Manage the regional shift handovers and ensure the starting shift/region has everything needed to pick-up any open cases and drive to closure · Lead the shift transfer process, Accountable for all tasks, but encouraged to use the entire Work as a liaison between their shift, other shifts, CSOC Senior Leaders, CSOC Senior Managers and other teams, communicating concerns and relaying pertinent information · The candidate is responsible for delivering communications for process/workflow changes or updates and monitor the effective execution of the process/workflow · Assist with scheduling, assuring coverage and reporting to management 24/7 on team members absence (sick, emergency, etc.) · Utilization of the QA Daily, Incidents and L1/L2 dashboards to manage event handling · Attendance to the Fusion situational calls

MUST HAVE:

1) 5+ years of practical or relevant experience and knowledge of IT security and Incident Management practices across multiple domains.

2) Candidate should possess moderate to strong hands-on experience in all modern Operating Systems (Window/NIX/Cloud/Mobile)

3) Candidate should possess strong hands-on experience with traditional incidents response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent

4) Advanced knowledge of organization, technology controls, cybersecurity, and risk assessment issues

SOFT SKILL MUST HAVES:

· Strong leadership and people building skills within IT and Cybersecurity · Demonstrated ability to participate in complex, comprehensive or large projects and initiatives · Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors

NICE TO HAVE

1.) Information Security Certification / Accreditation are an asset.