The Cybersecurity Incident Response (CSIR) Lead is responsible to ensure the efficient and effective triage and response to cybersecurity events and/or incidents. The CSIR team Lead will be responsible to ensure that alerts are analysed timely and cybersecurity incidents are responded to swiftly.
Responsibilities
- Strategic planning for investment and/or adoption of cybersecurity technologies to maximize effectiveness of cybersecurity controls against rapidly evolving threats
- Work closely with internal and external stakeholders to support the analysis of alerts and management of cybersecurity incidents
- Ensure that the Response team can efficiently and effectively analyse and respond to alerts and/or incident while following the appropriate procedures and playbooks
- Lead and drive the management of cybersecurity incidents as the cybersecurity incident response manager
- Drive continuous improvement of the Incident Response framework, Cybersecurity Event Management and Incident Response Plan, Standard Operating Procedures and Playbooks for alerts analysis and incident response.
- Drive continuous improvement of the Digital Forensic Standard Operating Procedures.
- Mentor, train and provide oversight for cybersecurity analysts and digital forensic & incident responders
- Track and analyse cybersecurity metrics for optimal effectiveness, benchmarking and management reporting
Requirements / Qualifications
- 15 or more years of experience in security operations especially in the area of cybersecurity incident response and digital forensic
- Experience in conducting detailed investigations and analysis of cyber security alerts
- Strong interpersonal skills with the ability to communicate with internal and external stakeholders including explaining technical concepts to non-technical recipients (technical and non-technical)
- Ability to work independently but proactive in reaching out for support
- Familiarity with the Cyber Kill Chain Methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF), etc.
- Bachelor and/or Master degree in Computer Science, Engineering or equivalent
- Relevant certifications in cybersecurity, e.g. CISSP, GCFE, GREM, GCIA, GCIH, EnCE or similar