CSIRT / Incident Response

Post Date

Jun 17, 2024

Location

Detroit, Michigan

ZIP/Postal Code

48226
US
Jul 07, 2025 Insight Global

Job Type

Contract, Perm Possible

Category

Security Engineering

Req #

MIC-710911

Pay Rate

$58 - $73 (hourly estimate)

Job Description

Day to Day:

Our financial services client is looking for a CSIRT to join their team in a 24x7 SOC environment. The CSIRT position is a member of the Information Protection and Risk Management team and works closely with other members of the IPRM program to develop and implement a comprehensive approach to the management of security risks at the client. The candidate will work with subject matter professionals drawn from other teams within IPRM to lead the response to cyber security threats and incidents.

Day to day responsibilities include:

* Lead investigations into information security events / incidents.

* Ensure that use cases create alerts.

* Maintain and improve the Cyber Security Incident Response plan.

* Drive efforts towards containment of threats and remediation of environment during or after an incident.

* Perform sophisticated security investigations and root cause analyses.

* Ensure that all incidents are recorded and supervised to meet audit and legal requirements.

* Assist in building/reviewing use cases to be incorporated into client's response process for real time alerting and SOAR automation.





$62/hr to $72/hr



Exact compensation may vary based on several factors, including skills, experience, and education.



Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401K retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.



We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

Qualifications

* 5+ years of Cyber Security Incident Response experience in an enterprise environment

* Experience leading investigations/forensics to detect, investigate, and respond to threats

* AWS and/or Azure cloud experience: GuardDuty, CloudTrail, M365, etc.

* Experience developing use case libraries and ensuring use cases generate alert conditions

* SOAR automation experience or knowledge

* Security mitigation solution experience

* Cyber hunting practices/exercises using SIEM, Enterprise search tools, etc.

Nice to Have Skills & Experience

Pluses:

* SANS Certifications

* Cloud or Security Certifications

* Any Palo Alto experience
