Direct Client Incident Response Lead/Cyber Security Consultant Opening
Open for C2C or W2
Remote NOW but after COVID onsite at Client site - no relocation expense is covered
Duration: 6+ months, extendable up to a year
Location: Initially remote but later onsite (Northville, MI or Plano, TX)
Rate: Ideally $60-68/hr C2C DOE.
Note: For W2 candidates rate would be a bit lower since we would incur overhead cost
- The IR Lead is responsible for designing, transitioning and maintaining the service and day-to-day operations of the CSIRT service.
- Plan, design, establish robust CSIRT process and service, align with SOC.
- Lead the design, implementation, operation and maintenance of CSIRT service
- Participate in the creation, review and update of CSIRT functionality for the organization. Provide complex technical advice, recommendations and consultancy on networks, infrastructure, products and services supplied
- Determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks.
- Analyze IT cyber security operations and systems, hardware configurations, physical security, and operating procedures across organization.
- Implement security risk analysis for current and new systems to find system weaknesses or disclosures.
- Recommend solutions to stakeholder to strengthen IT Cyber Security Framework
- Prepare security program plans and execute IT controls, processes, audit tools, interfaces and utilities for authentication.
- Conduct information security management reviews.
- Ensure technical implementation and business processes are aligned
- Research security standards, security systems and authentication protocols
- Define, implement and maintain corporate security policies and procedures
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Update and upgrade security systems as needed
- Provide technical supervision for (and guidance to) a CSIRT Team.
High level Scope
- Establish IR service and scope. Leverage SOC/IR service provider capability
- Conduct incident handling and response efforts classifying, escalating and remediating incidents.
- Coordinate the technical response and investigation efforts with regional investigators
- Advise related investigators on containment and on rapid system and service recovery. Adjust/implement triaging protocols and update the Incident Response Plan
- Handle the various security tools available at the client site, including vulnerability management and SIEM, to analyze indicators of compromise
- Provide training and coaching for CSIRT team
- Incident classification, Incident Coordination
- Notify CSIRT members and/or appropriate personnel, and regularly update the Cyber Security Incident status.
- Determine and assign the severity levels
- Monitor and review the incident status to determine if the incident should be reclassified
- Conduct analysis of security incidents and perform root cause analysis
- Assist with containment of threats and remediation of the environment during or after security incidents.
- Create final report with lessons learned
- Manage 3rd-party vendor services as needed.
- Post-incident Reflection
- Analyze the cause of incidents and support countermeasure planning
- Initiate follow-up actions to reduce the likelihood of recurrence, as appropriate
- Security Incident Trend Analysis. Investigate new security vulnerabilities, threats and proper response. Suggest countermeasures for Kaizen activities.
- Incident Response Plan improvement. Test and update the Incident Response Plan periodically
- Report and Documentation. Document and record decisions, actions and procedures pertaining to the Incident Response Plan
- Information Dissemination. Disseminate security incident trend information from Japan CSIRT and external sources
- BA/BS degree or higher in International Relations, Security Studies, Intelligence Studies, Cyber Security, Computer Science, or related field
- 10+ years of experience in the field of Cyber Security, preferably with a Fortune 500 company.
- 4+ years of experience in managing CSIRT & SOC operations for an organization.
- 3+ years of experience leading high-functioning teams
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
- Experience in managing SOC/IR service provider
- Ability to handle high pressure situations with key stakeholders
- Proficient in Incident Management and Response
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
- Experience in threat management
- Proficient in preparation of reports, dashboards and documentation
- Excellent communication and leadership skills
- Good Analytical skills, Problem solving and Interpersonal skills
- Experience with cyber, incident response and digital forensics, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber
Thanks & Regards,
Raj Lakhani | IT Director | Veritis Group, Inc.
1231 Greenway Drive, Suite 1040, Irving, TX 75038
Phone ext. 105
AWS Select Partner | HashiCorp Partner | Docker Partner
- provided by Dice