Cyber Security Incident Manager

Location: Pittsburgh, PA

Job Type: Full Time / Permanent

The Cyber Security Incident Response Team (CSIRT) conducts essential cyber security incident handling activities. This is accomplished by conducting event and incident analysis, and coordinating incident containment and remediation actions. In addition, the CSIRT team member is instrumental in cyber threat and vulnerability analysis and response coordination. The jobholder will be responsible for interfacing with the Security Operations Center to receive alerts and determine appropriate action. Further, the CSIRT members shape detection criteria and consult on SOC operational guidelines. This role includes cyber-security incident response across the enterprise. The jobholder will support the continuous improvement of the IT Security Incident Management Process and its initiation, brief all levels of executive management on security topics, and execute emergency responses during cyber-security breaches.

Responsibilities:

  • Serve as a senior-level technical resource for cyber security incident handling
  • Mentor junior CSIRT team members
  • Provide qualified guidance on and coordinate execution of identification, analysis, response and monitoring of cyber threats and vulnerabilities
  • Incident Management and Monitoring
    • Manage Security incidents. Assist in developing concepts for efficient and effective security response activities.
    • Support the crisis management process
    • Provide qualified guidance on SOC alerting conditions and necessary data sources
  • Vulnerability Management
    • Analyze and interpret results of vulnerability management activities using standard frameworks (CVSS)
    • Research and investigate new and emerging vulnerabilities, to include 0-Day events
    • Monitor vulnerability remediation activities
    • Integrate information from disparate sources and create tactical intelligence that is relevant to protecting the business.
  • Threat Management
    • Research and investigate new and emerging cyber threats and vulnerabilities through participation in external security communities.
    • Generate timely technical cyber threat intelligence assessment reports to IT management and stakeholders
    • On-call duty, with expected weekend responsibilities

Education & Experience:

  • Master’s degree in information assurance (or related field) with minimum 5 years’ experience or B.S. in information assurance (or related field) with minimum of 8 years’ experience
  • Minimum 3 years’ experience on a computer security incident response team
  • Experience with identifying, analyzing, and communicating cyber threat and vulnerability information
  • Experience applying threat and vulnerability analysis models; examples include the LM Cyber Kill Chain, the Diamond Model of Intrusion Analysis, the MITRE ATT&CK Framework and the Common Vulnerability Scoring System (CVSS)
  • Knowledge of common CSIRT technologies (e.g., EDR, SIEM)
  • Knowledge of incident response in IaaS/PaaS environments (AWS, Azure)
  • Exemplary verbal and written communication skills
  • Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
  • Intercultural experience
  • Proven project management experience
  • Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
  • Ability to work under pressure and deal with ambiguous situations
  • Familiarity with enterprise risk management and how cyber threats and vulnerabilities integrate into ERM efforts
  • Expertise in security concepts and best practices related to incident management, threat and vulnerability management
  • Ability to travel globally