Job Title: IR-Lead
Location: Mohamed bin Zayed city, Abu Dhabi
Job Description
Injazat CFC helps defend its clients from cyber-attacks, through timely detection, investigation and
remediation of potential threats.
The Deputy IR Lead is responsible for the continuous investigation of correlated security event feeds and
the appropriate escalation in case of an identified security incident. They are the primary contact for any
suspected security incident and work together with Client’s local Computer Security Incident Response
Team (CSIRT) and remediation team on resolving incidents and remediating threats.
The Deputy IR Lead also takes part in the creation and steady improvement (fine-tuning, whitelisting,
etc.) of correlation rules, security policies, processes and procedures and other related documentation.
— The role holder is responsible for deputizing for the Incident Response Lead in managing the day-to-day
availability of the CFC IR function.
— Responsible for ensuring that incident response SLAs are met and risks are managed effectively.
— Responsible for managing situational awareness across the team through metrics / KPIs / KRIs and
incident status.
— Act as a Subject Matter Expert for analysis functions, providing support on more involved cases and
guiding the activity of other analysts through collaboration.
— Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern
analysis.
— Analyze, escalate, and assist in remediation of critical information security incidents.
— Improve and challenge existing processes and procedures in an agile, global and fast-moving
information security environment.
— Mentor security analysts regarding risk management, information security controls, incident
analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies
managed by the Cyber Fusion Centre.
— Act as the lead coordinator for the CFC’s response to individual cyber security incidents.
— Identify and document containment and remediation efforts which successfully reduce risk.
— Maintain documentation on residual risk, along with assignment of leadership owners and
recommended steps for remediation.
— Participate in project work, sometimes acting as project lead.
— Possess expert knowledge of:
– Information security policies and goals
– Log analysis and event traffic patterns
– DLP, encryption, HIDS, NIDS, firewall technology
– The current IT threat landscape and upcoming trends in security
— Responsible for taking action on alerts, events, and incidents escalated from analysts.
— Act as a lead for a shift.
— Assist with incident management and coordination, and out-of-hours incident escalation.
— Triage malware incidents, determining their priority and the need for escalation.
— Monitor for emerging threat patterns and vulnerabilities.
— Assist with recommendations and workarounds.
— Coordinate with other external stakeholders.
— Communicate with management on incident updates.
— Able to complete the incident lifecycle without higher-level supervision.
Qualifications, Experience, Skills
— 5+ years of security experience and 5+ years of IT experience preferred.
— Bachelor's Degree in Computer Science, Computer Networking, or Computer Security, or equivalent.
— CISSP, CISA or CISM certification, or equivalent.
— Advanced understanding of information security, border protection, incident handling & response,
endpoint protection & encryption
— Strong understanding of computer science: algorithms, data structures, databases, operating
systems, networks, and tool development
— Able to evaluate current people, processes, technology, and business drivers to improve the CFC
service.
— Network infrastructure knowledge, advanced knowledge of TCP/IP and Internet protocols.
— Experience with network packet and NetFlow analysis; in-depth knowledge of infrastructure and
operating systems.
— Policy and Standards, Incident Management, Prioritization, Technologies, Security, Testing,
Monitoring, IT Change, Infrastructure, Application
— Understanding of and experience using various security-related exploits and tools.
— Strong ability to communicate: write clearly and speak authoritatively to different audiences.
— Advanced knowledge of firewalls, VPN, intrusion detection and prevention systems, anti-virus and
content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.