IT Security Incident Manager
Full Time Permanent
Buchanan Technologies is currently seeking an IT Security Incident Manager in Charlottetown, PEI. Working in our IT Support Center operations and as a member of the Information Security leadership team, the Security Incident Manager plays an important role in helping to define the direction for the team and in managing security incident response activities. The role drives, implements, and manages security incident response procedures, using a variety of tools and technologies to rapidly identify and respond to threats.
ESSENTIAL JOB FUNCTIONS
- Develops tactical response procedures for security incidents
- Perform incident triage and handling by determining scope, urgency and potential impact, then identifying the specific vulnerability and recommending actions for expeditious remediation.
- Analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
- Document incidents from initial detection through final resolution.
- Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists to correlate threat assessment data.
- Maintain and expand related information security metrics.
- Reviews alerts and data from systems and responds accordingly, including documentation and escalation.
- Recommends and implements mitigating actions to contain incident-related activity.
- Mentors junior staff to advance their skills and knowledge and to promote professional growth.
- Recommends security enhancements to management.
STANDARD MINIMUM REQUIREMENTS
- Bachelor’s degree from a four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience
- A minimum of seven years’ experience in technology roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response.
- A minimum of three years’ experience in a security incident response role with responsibility for analyzing alerts/threats, responding accordingly, and developing incident response plans and procedures.
- Previous experience using a SIEM to analyze and correlate activity.
- Knowledge of Active Directory log events.
- Previous experience identifying indicators of compromise and writing custom alerts.
- Previous supervisory experience and proven success in managing technical teams.
- Knowledgeable in security technologies, procedures, and best practices, including functions such as Web Application Firewalls, Intrusion Detection Systems, File Integrity Monitoring, and Vulnerability Scanning.
- Experience providing technical requirements to various development and infrastructure teams.
- Experience automating repeatable tasks.
- Experience integrating security technologies and procedures into continuous delivery environments.
- Information Security Incident Response Handler certification preferred.
- High level of ethical hacker knowledge and understanding of malware/ransomware.
- Understanding of network and system intrusion and detection methods; examples of related technologies include Splunk and other SIEM tools.
- Ability to operate Linux workstations and servers.
- Ability to build, maintain, and operate a sandbox lab environment.
- Comfortable analyzing potentially malicious artifacts, such as websites, emails and malware, in a safe manner.
- Excellent written and verbal communication skills with the ability to express thoughts clearly and accurately, know how to listen, and contribute in a client-facing environment.
- High Level of Competence with Microsoft Excel for manipulating, sorting, combining, and creating pivot tables.
- Ability to multitask and work independently with minimal direction and maximum accountability.
- Leads, manages and coordinates the response to a security incident (single point of contact).
- Liaises with technical support teams to identify and implement containment and remediation actions.
- Runs the investigation, facilitates the security aspect of Major Incident management activities, and communicates to ensure confidentiality and security requirements are met during the process.
- Maintains the security incident record, including decisions, meeting minutes and a chronological incident timeline.
- Ensures other stakeholders (Legal, HR, Physical Security) are involved or consulted in a timely manner where needed.
PREFERRED SKILLS AND EXPERIENCE
- Advanced security qualification such as CISSP (Certified Information Systems Security Professional) certification.
- Experience working with MSSP consoles such as Symantec, FireEye or SecureWorks.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
Job Type: Full-time
- Incident Management: 3 years (Preferred)