About the Role: The Cyber Security Incident Handler is responsible for responding to security incidents targeting GM assets. The Incident Handler must be able to apply his/her experience in various system and networking technologies to validate that an incident has occurred, properly scope impacted assets, and coordinate containment procedures. The Incident Handler will contribute to projects supporting both tactical and strategic security business objectives. Demonstration of leadership abilities in a large corporate environment, as well as expert comprehension of malware, emerging threats, and calculating risk, will be critical to success. The Incident Handler will be asked to perform the following major tasks:
- Provide on-call support to 24x7 security monitoring
- Contribute to GM cyber security incident response efforts.
- Coordinate response procedures with fellow CIRT members, other GM security teams, business partners, and executive leadership
- In support of identified cyber security incidents, the Incident Handler will:
  - Perform network-centric forensic analysis (Network Security Monitoring and related disciplines)
  - Perform host-centric analysis (tactical forensic analysis, memory analysis, malware detonation, and reverse engineering)
  - Perform log-centric analysis (application logs, operating system events, authentication data, etc.)
- Engage in cyber threat hunting activities
- Act as a point of escalation for other Cyber Defense team members and IT constituents
- Bachelor's degree in Information Security, Computer Science, Information Systems, or relevant work experience.
- 3+ years working within the information security field, with emphasis on security operations, incident management, intrusion detection, and/or security event analysis.
- Possess strong analytical skills - able to efficiently evaluate data sources and communicate analysis effectively.
- Demonstrated ability to create tactical, ad hoc scripts to supplement existing tool base as needed.
- Experience with network security monitoring tools (Snort, Suricata, Bro, Wireshark, tcpdump, NSM, etc.) and with the techniques required to properly analyze and respond to information security events
- Experience with endpoint detection and response (EDR) technology (Tanium, Carbon Black, Falcon, etc.)
- Experience extracting and correlating large data sets (Elastic Stack, Splunk, ArcSight)
- Experience evaluating suspect assets using forensics applications and other host-based tools (file, memory, and disk analyzers)
- Great customer service skills.
- Advanced written and verbal communication skills.
- Demonstrated ability to work in a team environment; able to coach and mentor other team members
- Security industry certifications are a plus, e.g. CISSP, GCIA, GCIH
- 5+ years' experience in security monitoring / security operations.
- Comprehensive understanding of cyber threat actors and their corresponding methods/tactics.
- Strong project management skills.