Cyber Incident Response Lead

Company Description

Internal Grade D

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland.

• Conduct advanced incident response activities to investigate and contain complex and larger-scale cybersecurity matters (such as potential major severity incidents)
• In the event of investigative matters requiring additional analytical support from teams such as Forensics and Cyber Threat Hunt workstreams across the teams and hold responsibility for expressing the CFC's overall understanding of the timeline of attacker activity so that appropriate containment and remediation actions can be coordinated
• Respond to Security to cyber security events and alerts associated to threats, intrusions, and compromises per any applicable SLOs.
• Manage multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
• Maintain case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident.
• Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies)
• Interpret device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify cause and determine next steps for containment, eradication, and recovery.
• Provide Advanced Support to analysts (Logs review, IP Block question). Mentor other analysts (process question, tool usage)

• Must have knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure, and network topologies (DMZ, VPN, WAN) and network technologies (WAF, IPS, Routers, Firewalls)
• Experience with commercial & opensource SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK)
• Have a demonstrated knowledge of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs).
• Exhibit skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR.), WAF, IPS

• Flexible work environment, working hybrid or in the office if you prefer.
• Great compensation package and discretionary bonus plan
• Core benefits include pension, bupa healthcare, sharesave scheme and more
• 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.