Information Security is critical to the ongoing success and reputation of the Specialist Computer Centre (SCC) as a Managed Security Service Provider (MSSP).
As part of SCC's continuing successful growth delivering security products and Security as a Service (SECaaS), we now have an exciting opportunity for a Security Incident Handler to join our Security Operations Centre (SOC) Team.
This role will see the ideal candidate working with operational and business teams to provide end-to-end oversight of, and efficiencies in, all security incidents handled by the SOC.
What I need to do
Be the Security Services point of contact to drive all cyber incidents that are managed by the SOC
Act as liaison between MIM and SOC team during major incidents
Associate Incidents with other records (e.g. Incidents, Changes, Problems, Knowledge Articles, Known Errors, etc.)
Identify Incidents for review and create incident reports (PIRs)
Keep incident status up to date through regular updates
Verify resolution with users and resolve Incidents in ITSM tool
Escalate Incidents at risk of breaching Service Level Agreement
Document troubleshooting steps and service restoration details / Create and submit knowledgebase articles
Oversee all aspects of security incident management process / workflows from evaluation to resolution
Maintain regular communication with SIEM / Platform / MIM / Infrastructure / Customer teams
Drive incidents to a conclusion based on SLAs and criticality level
Coordinate the activities of analysts and parties external to the SOC Team involved in incident response
Create incident playbooks and define improvements to them
Prepare weekly / monthly incident status reports and trend analysis; identify potential problems and / or increasing trends of repetitive Incidents
Skills and Experience
Familiarity with risk management and controls frameworks, cyber kill chain and NIST Incident response life cycle
Experience with information security related activities
Experience in dealing with incidents within an ITIL framework
Working knowledge about SIEM architecture
Being able to work with a diverse set of stakeholders in the organization from technical through management.
Strong report writing and communication skills
Strong written and verbal communication in English
Understanding of crisis management, business continuity and disaster recovery procedures
Ability to understand technical topics when dealing with technical teams, and to explain and present them to management-level executives
Ability to handle multiple competing priorities in a fast-paced environment and drive high-priority tasks to resolution
What I need to show
A minimum of 5 years' experience within a SOC or Incident environment
Positive personal qualities including drive, professionalism, integrity and teamwork
Security Clearance (SC), or be willing to undergo the process to gain clearance