Centre (CFC) according to Experian's Incident Response Plan. This team member will join a new, growing team of specialized, advanced responders to support escalations of complex or prioritized matters from Experian's existing 24x7 security monitoring and response functions responsible for responding to and analysing security incidents involving threats targeting Experian information assets. These threats may include phishing, malware, network attacks, suspicious activity. Also, you will involve working with end-users, partners, technical support teams, and management to ensure remediation and recovery from these threats. Use analytics & data collected from endpoints, environmental logging, and a variety of other sources to maximise containment and eradication of threats, while expediting recovery of the business.
Please note you will have a regular Monday - Friday schedule and expectation to participate in on-call schedule or work outside of normal work hours to manage cybersecurity incidents. You will report to the CFC Senior Director of Incident Management and Security Operations.
Main Responsibilities include:
1. Conduct advanced incident response activities to investigate and contain complex and larger-scale cybersecurity matters (such as potential major severity incidents).
2. In the event of investigative matters requiring additional analytical support from teams such as Forensics and Cyber Threat Hunt workstreams across the teams and hold responsibility for expressing the CFC's overall understanding of the timeline of attacker activity so that appropriate containment and remediation actions can be coordinated.
3. Respond to security events and alerts related to threats, intrusions, and compromises per applicable SLOs.
4. Manage multiple cases related to security incidents throughout the incident response lifecycle; including Analysis, Containment, Eradication, Recovery, and Lessons Learned.
5. Maintain case documentation, including notes, analysis findings, containment steps, and causes for each security incident.
6. Maintain an understanding of common Operating Systems (Windows, Linux, Mac OS), Security Technologies (Anti-Virus, Intrusion Prevention), and Networking (Firewalls, Proxies).
7. Interpret device and application logs from various sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures) to identify causes and determine next steps for containment, eradication, and recovery.
8. Provide advanced support to analysts (log review, IP block questions) and mentor other analysts on process questions and tool usage.
9. Must have knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure, network topologies (DMZ, VPN, WAN), and network technologies (WAF, IPS, Routers, Firewalls).
10. Experience with commercial & open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK).
11. Demonstrated knowledge of common intrusion methods and cyber-attack TTPs.
12. Skills using common Incident Response and Security Monitoring applications such as SIEM (Splunk), EDR (FireEye HX, CrowdStrike Falcon, McAfee mVision EDR), WAF, IPS.
Company Description: Internal Grade D. Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics, and software. We also assist millions of people to realize their financial goals and help them save time and money. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland.
Job Description
As a member of Experian's Global Security Office (EGSO) / Cyber Fusion Center (CFC), you will respond, contain, escalate, investigate, and coordinate mitigation of security events related to anomalies detected and escalated by the Cyber Fusion Center.
Additional Information
* Benefits include flexible work environment, hybrid or in-office options.
* Competitive compensation and discretionary bonus.
* Core benefits: pension, healthcare, sharesave scheme, and more.
* 25 days annual leave, 8 bank holidays, 3 volunteering days, with options to purchase additional leave.
Experian is proud to be an Equal Opportunity employer. We value diversity and inclusivity, and encourage everyone to bring their whole self to work. If you require accommodations due to a disability or special need, please let us know early. #LI-Remote
Experian Careers - Creating a better tomorrow together.
#J-18808-Ljbffr