Senior Cyber Security Incident Response
core42
Total years of experience: 8 years, 8 months
Led the CSIRT in analyzing and responding to cyber security incidents, utilizing advanced tools and techniques to identify, contain, and eradicate threats. Orchestrated cross-functional collaboration to coordinate incident response efforts and minimize business impact.
§ Oversaw the investigation and closure of security incidents reported to the CSIRT, ensuring thorough analysis and documentation of findings.
§ Developed incident response playbooks and procedures to streamline response efforts and improve incident resolution times.
§ Conducted comprehensive analysis of threat intelligence sources to identify emerging threats and vulnerabilities. Correlated intelligence with internal security events to prioritize response activities and preemptively defend against potential attacks.
§ Led efforts in malware analysis and other attack/intrusion analysis activities to extract indicators of compromise (IOCs). Leveraged findings to strengthen security controls and enhance detection capabilities across the organization's environment.
§ Implemented continuous improvement initiatives for SIEM and EDR systems, fine-tuning configurations and rules to enhance threat detection and response capabilities. Collaborated with IT and security teams to optimize security tool deployments and maximize efficacy.
§ Managed and analyzed intelligence gathered from various sources, including Threat Intelligence Platforms (TIPs), to identify and prioritize threats. Utilized threat intelligence to inform decision-making and enhance proactive threat hunting activities.
§ Managed IOCs derived from security advisories and threat intelligence sources, ensuring timely deployment across security controls. Implemented automated IOC dissemination mechanisms to bolster defenses against known threats.
§ Conducted in-depth analysis during incident triage, leveraging a wide range of security solutions to identify root causes and potential impact. Responded promptly to phishing, spam, and malicious emails, extracting relevant IOCs and mitigating risks.
§ Maintained compliance with SLAs and operational processes, ensuring adherence to industry best practices and regulatory requirements. Regularly reviewed and refined incident response procedures to optimize efficiency and effectiveness.
Responsible for managing and leading a 24/7 Security Operations Center team providing Managed Security Services to a banking client. Developed rules to detect security threats, implemented automated alerts, and proactive measures. Conducted detailed analysis of security incidents, spam/phishing emails, and malware. Proactively hunted threats, identified brand abuse/phishing incidents, and analyzed security events from various devices. Monitored traffic for anomalies, investigated risks, and led team meetings and POC initiatives for new security technologies.