Cyber Incident Response Lead - Advanced Response Team

at Experian
  • Remote - United States

Remote

Cybersecurity

Senior

Job description

Company Description

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com

Job Description

As a member of Experian’s Global Security Office (EGSO)/Cyber Fusion Center (CFC), you will respond, contain, escalate, investigate, and coordinate mitigation of security events relative to anomalies detected and escalated by the Cyber Fusion Center according to Experian’s Incident Response Plan. As an individual contributor, this team member will join a new, growing team of specialized, advanced responders to support escalations of complex and prioritized matters from Experian’s existing 24x7 security monitoring and response functions, responsible for responding to and analyzing security incidents involving threats targeting Experian information assets. You will work with end-users, technical support teams, and management to ensure remediation and recovery from these threats.

You will report to the Senior Manager, Global Incident Response.

Responsibilities:

  • Conduct advanced incident response activities to investigate and contain complex or larger-scale cybersecurity matters.
  • Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting) and explain the CFC’s overall understanding of the timeline of attacker activity so that appropriate containment and remediation actions can be coordinated.
  • Respond to cyber security events and alerts associated with threats, intrusions, or compromises per any applicable SLOs.
  • Manage multiple cases related to security incidents throughout the incident response lifecycle, including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
  • Coordinate successful conclusion of security incidents according to Process & Procedures, and escalate severe incidents according to Experian’s Incident Response Plan.
  • Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident.
  • Maintain assigned caseload and move incidents through each phase of the IR Lifecycle, handing off cases as needed for progress.
  • Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies).
  • Interpret device and application logs from a variety of sources (Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify the root cause and determine the next steps for containment, eradication, and recovery.
  • Mentor and provide advanced support to analysts (Logs review, IP Block question).
  • Support overall direction for the CFC and input to the security strategy.

Qualifications

Your background:

  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Security, or a related field, or 8+ years of experience working within Security Operations Centers or Cyber Security Incident Response Teams.
  • Demonstrated knowledge of Incident Response and Investigative Methodology.
  • Must have knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure, and network topologies (DMZ, VPN, WAN) and network technologies (WAF, IPS, Routers, Firewalls).
  • Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK).
  • Exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR), WAF, IPS.
  • Demonstrated knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs).
  • Have at least one certification involving incident response, ethical hacking, cyber security (GCIH, E CEH, E CIH), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE)).
  • Hold one Security Management certification (ISC2 CISSP, CISM) or obtain such certification within the first two years as a Cyber Incident Response Lead.
  • This role has a regular Monday – Friday schedule, with the expectation to participate in an on-call schedule or work outside of normal work hours to respond to cybersecurity incidents.

Benefits/Perks:

  • Great compensation package and bonus plan.
  • Core benefits including medical, dental, vision, and matching 401K.
  • Flexible work environment, ability to work remote, hybrid or in-office.
  • Flexible time off including volunteer time off, vacation, sick and 12-paid holidays.

Additional Information

Our uniqueness is that we celebrate yours. Experian’s culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering… the list goes on. Experian’s people first approach is award-winning; World’s Best Workplaces™ 2024 (Fortune Top 25), Great Place To Work™ in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site to understand why.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. This position is also eligible for a variable pay opportunity and a comprehensive benefits package.

Experian is proud to be an Equal Opportunity Employer for all groups protected under applicable federal, state and local law, including protected veterans and individuals with disabilities. Innovation is an important part of Experian’s DNA and practices, and our inclusive workforce allows everyone to succeed and bring their whole self to work. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote

This is a remote position.

Share this job:
Please let Experian know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Experian

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply