Incident Response Manager
Job Description Summary
This position will function as the lead investigator for security incidents (blue team). Daily responsibilities will include monitoring security event logs through the SIEM tool, opening cases for investigation, collecting evidence and bringing in subject matter experts as needed to re-mediate security issues. The lead investigator will also be able to leverage the managed services provider and other security experts on the team. Will require occasional on-call rotation and some travel (less than 5%) as necessary.
- Monitoring all operations, networks and infrastructure for security issues and investigate an incident as needed.
- Monitor internal and external policies for compliance.
- Develop security standards and best practices for the organization.
- Plan and carry out an organization’s Incident Response plan (IR).
- Manage end-to-end incident response investigations
- Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging SIEM and other tooling
- Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
- Conduct Threat Hunting across networks with indicators of compromise, hunting for evidence of a compromise
- Conduct incident response within various Cloud platforms
- Identify attacker tools, tactics, and procedures to develop indicators of compromise
- Develop and implement mitigation and remediation plans in conjunction with incident response
- Form and articulate expert opinions based on findings
- Produce comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
- Effectively communicate and interface with stakeholders, both technically and strategically from the executive level, to clients and legal counsel
- Collaborate well with a highly experienced and diverse team of talent, in support of one mission – providing expert incident response services to CCC clients
- Provides support for complex computer network exploitation and defense techniques to include deterring, identifying and investigating computer and network intrusions.
- Provides technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.
- Drive lessons learned and remediation activities throughout the organization.
- Recommend security enhancements to management or senior staff.
- Work with legal compliance, litigation, and privacy for forensics review of company assets.
- A minimum 5 years of IT Security Incident Management
- Bachelor’s degree or equivalent preferred.
- Global problem and incident management experience
- Experience with legal operations and working with a SOC/NOC
- Hands-on experience with security and access technologies
- Experience with prevention and threat detection devices
- Understanding of NIST Framework
- Passion and Personal Accountability
- Guidance Encase Forensics and chain of custody knowledge
- Ability to communicate, verbally and in writing, at all levels in the organization and with external contacts in an articulate, professional manner while maintaining necessary degree of confidentiality; strong presentation skills.
- Ability to work in a fast-paced environment as part of a team.
- Ability to work with highly confidential and sensitive data and information.
- Ability to build and sustain successful, professional relationships.
- Strong project management skills and the ability to define and execute a program of work.
- Ability to take ownership of an initiative/issue thru completion
- Proactive approach, able to work on multiple parallel activities in a fast-paced environment and adapt quickly to changing priorities.
Why Choose CCC:
We promote a healthy work-life balance and offer generous benefit plans and resources designed with employee satisfaction in mind.
What we value is simple - customers, employee commitment, collaboration and clear communication.
We hire people who will embrace the company’s goals and productively contribute in ways that help us serve the customer, innovate, and stay strong.
We make it a priority to keep employees healthy, happy and enriched.
- Healthy - Wellness programs, competitive medical benefit offerings
- Happy – Recognition programs, a confidential employee assistance program, Perkspot/employee discount program and potentially flexible work arrangements such as staggered start times
- Enriched – Tuition reimbursement, training and learning programs, and leadership development opportunities
Our corporate headquarters is located in downtown Chicago within the historic Merchandise Mart—a certified LEED (Leadership in Energy and Environmental Design) building.
Please Note: Contingent Workers, Field Inventory Representatives and Interns are not eligible for the benefits above.
CCC Information Services was recognized by Forbes as one of America’s Best Mid-Sized Employers in 2018 and ranked #17 in the Top 100 Digital Companies in Chicago in 2017 by Built In Chicago.
CCC is ready to help you shift your career into high gear. Let's get started!