Job Description

:

The Security Incident Co-ordination Analyst has the responsibility for triaging events and alerts from security tooling and the co-ordination and management of any subsequent Cyber Security Incidents You will be a member of a dedicated SIC team that will delivering security services to a UK based public sector client and/or potentially other clients in a leveraged security team capacity.

You will be responsible for the end-to-end management of the security incident life cycle, overseeing each of the relevant stages from triage through to closure, looking to identify patterns from root causes analysis and making recommendations for improvements based on trend analysis of security incidents.

Regarding high severity/critical security incidents ( P1 and P2) you will be responsible for managing and responding to them when they occur and expected to work closely with DXC Delivery and customer teams.

Following identification of a high severity/ critical security incident, you will be responsible for the execution of a Critical Security Incident Response Plan with the effective coordination of resources across DXC\xe2\x80\x99s service lines and CISO team as needed to achieve a successful outcome.

You will be responsible for providing security incident reports and metrics concerning security incidents and investigations to the Security Delivery Lead and customer.

You will provide a professional interface when required with the customer, the delivery team, and the line management chain, thus being point of contact for operational security advice and guidance. You will also be responsible for escalations of issues as and when necessary.

Role and Responsibilities

As part of the SIC, you will:

• Monitor security tooling , conduct triage and analysis of any subsequent alerts, events and/or security incidents identified.
• Validate, verify and report protective or countermeasure solutions, both technical and administrative
• Co-ordinate and Investigate Security Incidents through to completion
• Work with other resolver groups to respond to and investigate security incidents.
• Monitor and manage functional mailboxes and respond to email enquiries from the account and clients.
• Monitor and manage security tickets queues.
• Review and raise security incidents in ticketing systems.
• Assist in the completion of security reporting to agreed timescales and quality
• Compile and present reports using Microsoft PowerPoint and Excel.

As part of the SIC, you will:

• Monitor security tooling , conduct triage and analysis of any subsequent alerts, events and/or security incidents identified.
• Validate, verify and report protective or countermeasure solutions, both technical and administrative
• Co-ordinate and Investigate Security Incidents through to completion
• Work with other resolver groups to respond to and investigate security incidents.
• Monitor and manage functional mailboxes and respond to email enquiries from the account and clients.
• Monitor and manage security tickets queues.
• Review and raise security incidents in ticketing systems.
• Assist in the completion of security reporting to agreed timescales and quality
• Compile and present reports using Microsoft PowerPoint and Excel.
• Provision of Critical Incident Response Report and lessons learnt to key stakeholders.
• Deal with legal and law enforcement-related issues as required
• Periodically review security incidents to perform trend analysis, before making recommendations to the Security Delivery Lead for potential security improvements or sales opportunities
• Respond to incidents as per playbooks and Security Incident Management Process.
• Act as an advisor to the account concerning Critical Security Advisories., responding to DXC Threat Advisories, ModCerts, Carecert and other emergency patching advisories.
• Develop and maintain a critical vulnerability management system to effectively communicate with DXC clients when a \xe2\x80\x9cZero Day\xe2\x80\x9d vulnerability is discovered e.g., SolarWinds
• Manage security information requests from the customer.
• Lead on complex and severe incidents when required and ensure that playbooks are updated or reviewed to ensure that any lessons learnt are documented and repeatable.
• Take responsibility for SOC processes and continually review them to ensure that they are current and up to date.
• Ensure that all obligations are covered off (for instance monthly reporting) to the agreed timescales and quality.
• Ensure that the Security Delivery Lead is informed of all relevant Security Incidents and Issues on the account.
• There will be a requirement that you must provide standby(on-call) cover whilst working on an agreed rota to cover high severity/critical security incidents
• There will be a requirement to work flexible hours when required e.g.,8am -4pm or 10am to 6pm.
• Due to the nature of some of our clients a current security clearance is preferable, or the being able to attain security clearance is essential.

Training

• Ensure that you perform any mandatory training in line with Enterprise / Practise requirements and deadlines
• To maintain a watching brief on threat actors and advanced persistent threats as well as continually reviewing zero-day exploits for potential issues
• Enthusiasm and desire to develop your skill and knowledge base

Essential:

• Possess experience of handling, responding, and investigating to cyber security incidents
• Possess good analytical skills.
• Experience of log analysis.
• Knowledge and experience of using Protective Monitoring Tools e.g., ArcSight, Tanium, McAfee, Symantec, MS Defender, Microsoft 365, AZURE, and Azure Sentinel

Threat and Vulnerability management experience.

• Experience of malware alert review
• Experience of working in SOCS, ticketing systems, and interacting with delivery capabilities
• Enthusiastic and committed approach with a track record of building strong, trusted base relationships with colleagues and stakeholders at all levels
• A sound working knowledge of security best practice and legislation affecting the security role
• Self-motivated and an ability to keep up to date with latest security threats and vulnerabilities and trends.
• Excellent communication, influencing, negotiating and engagement skills
• Possess good leadership skills when interacting with account delivery teams.
• Sound judgement and decision-making skills, with a \xe2\x80\x98hands on\xe2\x80\x99, problem solving approach, able to remain calm under pressure and own security incidents
• Ability to work to tight timescales.
• Ability to remain calm and focused in high pressure situations identifying business resources essential to recovery.
• Experience of writing procedures and reports,
• Ability to work as part of a team, as well as independently.

Desirable:

• Recognized security qualification e.g., CISSP or CISM or willing towards obtaining accreditation.
• Security professional with a proven experience within the security industry, the public sector, or armed services.
• Knowledge of types and sources of tools and equipment required to adequately equip an Incident Response Team.
• Knowledge of forensic requirements for collecting and presenting evidence
• Knowledge of security tools such as Splunk and Elk

DXC Technology