We are looking for a Senior Incident Response Specialist with AI expertise to investigate, analyze, and respond to cybersecurity incidents. This position entails reviewing security events that could adversely affect the client (such as hacking attempts, intrusions, virus infections, information mishandling, and other security threats), offering support during major incidents and investigations, and engaging in threat hunting activities. The specialist will be responsible for defining, developing, maintaining, and routinely testing incident response procedures, along with building use cases and scenarios to counter emerging threats and enhance security monitoring and alerting capabilities.
Responsibilities
- Coordinate and deliver expert technical assistance to enterprise-wide cybersecurity technicians for resolving cyber defense incidents
- Correlate incident data to pinpoint specific vulnerabilities and provide recommendations enabling rapid remediation
- Perform analysis of log files from multiple sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to detect potential threats to network security
- Perform cybersecurity incident triage, including assessing scope, urgency, and potential impact, pinpointing the specific vulnerability, and recommending actions for rapid remediation
- Conduct forensically sound initial image collections and examine the images to identify possible mitigation/remediation on enterprise systems
- Receive and evaluate network alerts originating from various enterprise sources and ascertain the possible causes behind such alerts
- Manage real-time cybersecurity incidents (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs)
- Track and document cybersecurity incidents from initial detection through to final resolution, and author and publish cybersecurity techniques, guidance, and reports on incident findings to relevant audiences
- Apply approved defense-in-depth principles and practices, gather intrusion artifacts (e.g., source code, malware, Trojans), leverage discovered data to facilitate mitigation of potential cybersecurity incidents, and author and publish 'after action' reviews
- Monitor external data sources to stay current on cybersecurity threats and determine which security issues may affect the organization
- Work with threat intelligence analysts to correlate threat assessment data and report cyber incidents to the client
- Build and sustain effective business relationships with internal functions, departments, and external entities including shareholders, government authorities, service providers, and vendors
- Provide technical expertise for conducting market analysis on new technological developments and lead the creation of RFPs and RFQs related to Enterprise Architecture, including the negotiation of contractual terms and Service Level Agreements (SLAs)
Requirements
- Bachelor's degree in Information Technology, Computer Science, Information Security, or an equivalent field
- At least 5 years of experience in information security or a related technology field
- Proven expertise in cybersecurity incident response, threat hunting, and forensic analysis
- Competence in analyzing log files from host, network traffic, and firewall or IDS sources
- Familiarity with defense-in-depth principles and the collection of intrusion artifacts (source code, malware, Trojans)
- Proficiency in real-time incident handling, intrusion correlation, and direct system remediation
- Knowledge of threat intelligence correlation and cybersecurity reporting
- Ability to work within, or in close proximity to, UAE business hours
Nice to have
- CEH (Certified Ethical Hacker)
- GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Certified Forensics Analyst
- Certified Computer Forensics Examiner or Certified Reverse Engineering Analyst
- CompTIA Cybersecurity Analyst (CySA+) or CompTIA Security+