IT Security Incident Manager
Buchanan Technologies
Charlottetown, PE

IT Security Incident Manager

Full Time Permanent

Charlottetown, PEI

Buchanan Technologies is currently seeking an IT Security Incident Manager in Charlottetown, PEI. Working in our IT Support Center operations and as a member of the Information Security leadership team, the Security Incident Manager plays an important role in helping to define the direction for the team and managing security incident response activities; drives, implements, and manages security incident response procedures using a variety of tools and technologies to rapidly identify and respond to threats.

ESSENTIAL JOB FUNCTIONS

  • Develops tactical response procedures for security incidents
  • Perform incident triage and handling by determining scope, urgency and potential impact thereafter identifying the specific vulnerability and recommending actions for expeditious remediation.
  • Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
  • Document incidents from initial detection through final resolution.
  • Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists to correlate threat assessment data.
  • Maintain and expand related information security metrics.
  • Reviews alerts and data from systems and responds accordingly, including documentation and escalation.
  • Recommends and implements mitigating actions to contain incident related activity
  • Mentors junior staff to advance their skills and knowledge to promote professional growth
  • Recommends security enhancements to management

STANDARD MINIMUM REQUIREMENTS

Education:

  • Bachelor’s degree from a four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience

Experience:

  • A minimum of seven years’ experience in technology roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response.
  • A minimum of three years’ experience acting in a security incident response role with responsibility of analyzing alerts/threats, responding accordingly, developing incident response plans and procedures.
  • Previous experience using a SIEM to analyze and correlate activity.
  • Knowledge of Active Directory log events
  • Previous experience identifying indicators of compromise and writing custom alerts.
  • Previous supervisory experience and proven success in managing technical teams.
  • Knowledgeable in security technologies, procedures, and best practices to include functions such as Web Application Firewalls, Intrusion Detection Systems, File Integrity Monitoring, and Vulnerability Scanning
  • Experience providing technical requirements to various development and infrastructure teams.
  • Experience automating repeatable tasks.
  • Experience integrating security technologies and procedures into continuous delivery environments.
  • Information Security Incident Response Handler certification preferred.
  • High level of ethical hacker knowledge and understanding of malware/ransomware.
  • Understanding of network and system intrusion and detection methods; examples of related technologies include Splunk and other SIEM tools
  • Ability to operate Linux workstations, servers.
  • Ability to build, maintain, and operate a sandbox lab environment.
  • Comfortable analyzing malicious artifacts in a safe manner such as potentially malicious websites, emails and malware
  • Excellent written and verbal communication skills with the ability to express thoughts clearly and accurately, know how to listen, and contribute in a client-facing environment.
  • High Level of Competence with Microsoft Excel for manipulating, sorting, combining, and creating pivot tables.
  • Ability to multitask and work independently with minimal direction and maximum accountability

CORE RESPONSIBILITIES

  • Leads, manages and coordinates the response to a Security Incident (Single point of contact)
  • Liaises with technical support teams to identify and implement containment and remediation actions.
  • Runs the investigation and facilities the security aspect of Major Incident management activities and communicates to ensure confidentially and security requirements are met during the process
  • Maintains Security Incident record including decision, meeting minutes and incident chronological timeline
  • Ensures other stakeholders are timely involved or consulted where needed (Legal, HR, Physical Security)

PREFERRED SKILLS AND EXPERIENCE

  • Advanced security qualification such as CISSP (Certified Information Systems Security Professional) certifications.
  • Knowledge with working with MSSP consoles like Symantec, FireEye or SecureWorks.
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook

Job Type: Full-time

Experience:

  • Incident Management: 3 years (Preferred)