JOB PURPOSE

An Incident Response Analyst is a cybersecurity professional tasked with responding to cybersecurity events and incidents, including data loss, computer compromise, ransomware, and internal misuse of resources, using advanced analysis and investigative skills.

JOB CONTEXT

Incident Responders protect and improve an organization’s security by addressing and managing the activities needed to recover from a cybersecurity event. The Incident Responder assesses threat severity, conducts investigations, and works to contain, eradicate, and recover from threats.

Key Responsibilities

  1. Serve as a level 3 investigator, functional expert, and/or senior team member conducting advanced analysis and investigations to detect and remove unauthorized, malicious, or adversary presence from operational systems, networks, applications, databases, and cloud resources, in order to ensure the reliability and availability of mission-critical services.
  2. Monitor and respond to security events and incidents using established processes, and create processes and procedures where none exist.
  3. Coordinate the response to security incidents, ensuring all necessary stakeholders are involved and appropriate actions are taken. Work closely with internal teams, such as applications, network operations, and the service desk, to ensure a coordinated and effective response.
  4. Take immediate action to contain and mitigate security incidents to prevent further damage. Develop and execute response plans, including isolating affected systems, blocking malicious activity, and deploying necessary patches or countermeasures. Collaborate with technical teams to eradicate the root cause of incidents and implement remediation measures.
  5. Monitor security events in the SIEM and other security feeds, and take appropriate action based on the company security policy.
  6. Conduct forensic investigations to gather evidence and identify the source, extent, and impact of security incidents. Preserve and analyze relevant data, logs, and artifacts to support incident response efforts and potential legal or regulatory requirements.
  7. Create security plans, policies, protocols, and training to prepare the Ecobank group for efficient and effective incident response.
  8. Establish protocols for internal and external communication during and after security incidents.
  9. Prepare comprehensive incident reports documenting the details, actions taken, and lessons learned from security incidents. Communicate findings to relevant stakeholders, including management, IT teams, and external entities as required.
  10. Conduct root cause analysis of incidents to identify gaps and work with engineers to fix the identified gaps.
  11. Work with the SOC to define use/misuse cases for all systems integrated into the SIEM.
  12. Work with the SOC to build a comprehensive and up-to-date asset inventory for the group.
  13. Support Corporate Investigations and Group Audit with forensics and investigations as and when required.
  14. Continuously improve the incident response process by identifying gaps, developing and implementing best practices, and leveraging automation and orchestration tools.
  15. Contribute to the development of incident response playbooks, standard operating procedures (SOPs), and incident handling guidelines.
  16. Close, hold, return or escalate the security incident based on the results of the response actions and the instructions in the playbook.

Experience & Qualifications:

  1. 5–7 years of practical and professional experience in incident response, security operations, software development, applications support, systems administration, and network design and implementation.
  2. Bachelor’s degree in Computer Science, Information Technology, or a related discipline is desired.

Skills, Capabilities & Direct attributes

  1. Advanced knowledge and skill in applying the concepts and practices of cybersecurity, computer programming, networking, computer operating systems (Windows, UNIX), malware forensics, threat analysis, cyber incident handling and response, penetration testing, and software/malware reverse engineering.
  2. Knowledge of information assurance, threat hunting technologies and techniques, and the analysis of computer systems, operating systems, network communication protocols, computer and network architectures, and virtual machine technology, applied to the investigation of a security incident.
  3. Ability to analyze and correlate data to distinguish evidence of attacks or intrusions from normal activity.
  4. Ability to compile malware intelligence and research to present to business leaders and stakeholders.
  5. Proficiency in using security technologies and tools, including SIEM, IDS/IPS, EDR, and network analysis tools.
  6. Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), CompTIA Cybersecurity Analyst (CySA+) or Certified Ethical Hacker (CEH) are highly desirable.

Deadline : 16th August, 2023
