Job Title: Incident Response Team Member – Consulting position

Location: New York, NY 10019 (Hybrid)

Duration: Contract opportunity

Job Description:

CSIRT Consultant is a technical expert role within NY's US Information System Security (ISS) Team, functionally aligned to the Group’s ISS CSIRT team in the Head Office, France.

The US ISS team oversees and supervises the Information System Security matters in America, including incident response (CSIRT 0 Cyber Security Incident Response Teams) as part of the Global Follow the Sun (FTS) model.

In this role, the CSIRT Consultant will respond and manage the end-to-end Security Incident Management Lifecycle: Incident Identification, Triage, Containment, Eradication, Recovery, and Lesson Learnt.

The person will be the technical point of contact to respond and drive the security incidents response in the region as part of the global FTS model.

The consultant will be responsible for the following activities:

Identifying and detecting Incidents and taking immediate action on security incidents including (but not limited to) DoS attacks, malware attacks, phishing attacks, and web attacks.

End-to-end ownership in driving and leading Security Incident Response and Resolution activities.

Participate and support performing forensics investigations as required to respond to Security Incidents.

Responding to Security Threats and Intelligence alerts & notifications from Group CERT (Computer Emergency Response), Regional Regulators, and authorized Threat Intelligence groups and ensuring appropriate preventive and detective actions are coordinated and deployed in liaison with IT Operations teams as per the defined approach and promptly.

Owning end-to-end coordination, communications, and deployment of action plans for Threat Advisories or lessons learned from Security Incidents.

Prepare a detailed Incident Post-mortem report and Executive Summary to document the Security Incident chronology, root cause, remediation, and lesson learned.

Creating and updating the incident response plan (IRP) and playbooks and ensuring periodical review of playbooks to ensure the relevancy of response actions in the current context, including updated information of all stakeholders involved.

Collaborate with other Geo’s CSIRT team members on security matters and act as a backup to manage security incidents and other security activities in scope as needed.

Periodic review of security measures of Networks (Switches. Routers, Firewall, IPS, etc.) In addition, Systems (Win*,*NIX, etc.) in support of the management of vulnerabilities.

Support and integrate with incident response, threat intelligence, and overall security strategy as needed.

Complete all mandatory training as required to attain and maintain competence.

Comply with all applicable legal, regulatory, and internal Compliance requirements, including, but not limited to, the Compliance Manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer, zone wide.

Support and run annual “table-top incidents” exercise with management.

Vulnerability management: Ensure the vulnerability remediation process is known followed and at the expected level of performance

In case of severe security incident (suspected or effective attack): Coordination of investigation, mitigation, and remediation operation concerning IT operation and application teams.

Management and Reporting:

Reports to the IT Security Office