Advisor, Incident Response (SRO)
Cyberjaya, MalaysiaJob ID R63693 Date posted Apr. 29, 2019
Advisor, Incident Response
The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business. We are currently experiencing incredible growth in order to meet the security needs of the world’s largest technology company. With team members located in over 15 countries, you will have an excellent opportunity to influence the security culture at Dell and further develop your career.
Dell is a worldwide provider of information technology services and business solutions to a broad range of clients. We seek men and women who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our Clients' success.
We are currently seeking an Incident Response Advisor to join our Security & Resiliency team, based in Cyberjaya, Malaysia. The ideal candidate will be responsible for investigating and reporting of major security incidents supporting all Dell business units and mergers & acquisitions. This role requires experience in all phases of Cyber Security Incident Response including preparation, analysis, notification, response, recovery, and post-mortem. The Global Incident Response Team is responsible for coordinating with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response. This role interacts with all levels of the organization, particularly within the Global IT organization and is viewed as a subject matter expert. The focus of the role is primarily responding to security incidents, managing and consistently maturing the security incident response process to meet the needs of Dell, and building the Global Incident Response Team's technical investigative capabilities (process & technology).
- Supervises formal incident response tasks.
- To form and lead a leveraged virtual incident response team with the various global IT teams and business units and coordinates resources to effectively perform incident response tasks.
- Takes responsibility for successful execution of incident response plan.
- Presents incident response report and lessons learned to management.
- Identify and recommend process improvements.
- Provide security control enhancement recommendations based on security incident data.
- Mature the Security Incident Response process to ensure it meets the needs of the global business and is adhered to.
- To respond and perform technical security investigations on security incidents, root cause analysis, recommend and mitigate the effects caused by an incident.
- Communicate and build effective relationships with people at all levels.
- Responsible to manage and drive to closure all Audit issues to the Incident Response and Management process.
- Attend internal and vendor training if and when required.
- Communicates and educate information security risks to end-users.
- Design and coordinate cohesive responses to security events that involve multiple teams across the organization.
- Build security utilities and tools for internal use that enables you and your fellow team mates to operate at high speed and broad scale.
- Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
- Perform deep dive analysis of malicious artifacts.
- Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats.
- Reviews, analyzes and resolves difficult and complex information security incidents.
- Develops new approaches and techniques for use by others.
- Work with the Security Response Center analysts on incident response tickets and manage / prioritize queue assignments.
- Documentation and communication of findings.
- Plan and execute annual Security Incident Response tabletop exercises.
- Proven ability to think analytically and solve technical and business problems required
- Exceptional ability to analyze and distill relevant findings and determine root cause
- Ability to conduct investigations on compromised computers and servers
- Proficiency in conducting live assessments on networks, and multiple platforms
- Experience in Log and Event analysis as well as correlation of data
- Hands-on experience in building automated tools in one or more of the following languages: Python, Ruby, PowerShell, Bash, Batch, C, C++
- Strong knowledge of web technologies, networking protocols, Microsoft Windows and Linux/Unix platforms and tools
- Excellent command in English, both written and verbal
- Ability to exercise discretion and maintain confidentiality
- Excellent time management skills
- Excellent coordination skills
- Experience in project management / coordination or working in a project team
- Reliability, diligence and self-management
- Strong customer service skills
- Positive and professional attitude
- Ability to work in a dynamic and multicultural environment
- Technical experience and familiarity of various types and techniques of cyber-attacks
- 3 - 5 years hands-on experience with focus in areas such as systems, network, application, and information security
- ITIL Service Management and/or SANS Advanced Digital Forensics and Incident response qualification (FOR508) is a plus
- Tertiary qualifications in Information Systems and specialization in Information Security
- Must possess either one or more of the following certifications – CISSP, CEH, CHFI,CISA, CISM and/or PM