Job Description Protect SVB by providing predictable and timely response to cyber security threats, incidents, andor requests for investigation utilizing industry leading tools and practices. Develop playbooks and automation for repeatable tasks to speed the investigation of and provide accurate and consistent response to security events. Provide expert forensic analysis of the digital component of investigations and regulatory requests from SVB business units. This position assists and trains less experienced analysts and works with them to complete complex investigations and research. This position is expert in many cyber security domains such that others within the business unit and other business units collaborate to share this employee's knowledge. This position works both independently and as a leader on collaborative teams to accomplish complex projects. This position conceives, designs, develops, and leads complex training exercises designed to prepare other analysts, engineers, and investigators for response tasks, test our tools and processes, and report the results of these exercises to compliance where they will be available to internal audit and regulators. This position defines and leads projects in support of security strategy and processes. This position leads incident response including steps to minimize the impact and then conducting a technical and forensic investigation into how an incident happened, the extent of the damage, and document with recommendations for security and process improvements. This position may be required to testify in court if necessary. LI-BA1 dicepost Qualifications Knowledge Knowledge of a wide variety of enterprise wide IT systems such as operating systems, directory services, cloud services, mobile device management, virtualization, network devices, network protocols, web servers, databases and firewalls. Knowledge of Windows, Mac and Linux operating systems. Knowledge of Windows, Mac and Linux forensics. Knowledge of enterprise and host forensic tools to perform detailed investigations of computer and network-based incidents. The imagination and analytical thought process needed to perform all manner of investigations involving digital data. Unbridled curiosity. Proven ability to coordinate work efficiently and effectively with team members and business partners in local and remote locations. Knowledge and experience in advanced log analysis. Scripting experience a plus. Skills Knowledge of legal and regulatory requirements for financial services. Demonstrated group and project leadership skills. Experience leading incident response andor computer forensics investigations. Experience in leading other investigations (HR, Legal, compliance, regulator requests, etc.). Communication proficiency, oral and written. Ability to clearly document investigative and research findings. Coordinate efforts among legal, human resources, corporate compliance, law enforcement, and outside information security emergency handling agencies. A productive team player. Problem solvinganalysis. Experience investigating account take over and other attacks against web-based services. Experience reviewing alerts and log data from a wide variety of sources. Experience evaluating OS logs, application logs, firewall, IPS, sand boxing, host security, network devices, vulnerability management, DLP, network forensics, etc. in investigations. Experience in memory forensics. Experience in mobile device forensics. Using large data sets to hunt for security issues. Collect and preserve evidence following industry best practices and established procedures. Lead gap assessments, upgrade paths, bug fixes and necessary workarounds for new IT security issues. Participate in on-call rotation. Competencies Experience reviewing alerts and log data from a wide variety of security solutions. Experience conducting forensics on Windows, Mac and Linux based computers. Understanding of how systems get infected and common malware behavior. Ability to interact with executives in a professional manner on sensitive investigations. Maintain knowledge of the latest threats. Continually learn new technology and best practices for incident response. Use investigation findings to recommend security posture improvements (identify gaps). Lead the forensic investigation efforts and the post mortem sessions for computer security incidents. Thorough work ethic, attention to detail. Skills of perception and QA, ability to identify vulnerabilities and overall issues.