Consulting Director - Incident Response
The Consulting Director, Information Security Response executes the evaluation, development, implementation, and monitoring of information security strategies, tools, and technologies for effectively detecting and responding to enterprise security incidents. A key aspect of this role is staying abreast of threat actor activity and leveraging an understanding of attacker behavior to drive investigations.
Essential Duties & Responsibilities
1. Establishes and governs security event detection and cyber threat hunting capabilities and serves as the subject matter expert regarding all information security incident responses for the enterprise.
2. Provides governance for and leads the information security response process; directs the response to escalated security events and drives the security incident response process.
3. Leads the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple system platforms across diverse application environments.
4. Works with other senior IT and business leaders on potential data breaches. Works with E-Discovery and Forensics groups to support Human Resources, Legal, and other key stakeholders while maintaining appropriate chain of custody.
5. Provides end-to-end problem management and root cause analysis for security incidents across the Enterprise. Works with forensic vendors, penetration testers, and strategic partners to architect advanced solutions to address issues.
6. Performs and/or directs the independent analysis of complex problems and threats and provide clear and decisive mitigation strategies. This includes emulation of threat actor activity based off tactics, techniques, and procedures identified as indicators of compromise (IOCs).
May perform additional duties as assigned.
Skills, Knowledge & Abilities
1. In depth understanding of SIEM operations and the CSIRT process
2. Proven experience with industry standard security technologies, such as advanced endpoint detection technologies, threat intelligence aggregation tools, open sourced investigative technologies, EDR Technologies, and threat hunting.
3. Proven experience applying information security principles to secure platforms and prevent threats.
4. Proven ability to interact effectively with senior business leadership to effectively resolve information security incidents when necessary.
5. Working knowledge of regulations (e.g., SOX, privacy, etc.) and internal controls as they apply to IT.
6. Strong understanding of malware in static and dynamic environments and mitigation strategies to protect against it.
7. Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to business leaders.
Education & Experience
1. Bachelor’s Degree required or equivalent work experience. Master’s Degree in Computer Science or technical field preferred.
2. Minimum of ten years of information security experience
3. CISSP, GIAC, CISM or equivalent certifications preferred.