
Cyber Threat- Incident Management Principal job


Position Details


  • Position Title: Cyber Threat- Incident Management Principal
  • Position Number: 442811
  • Position Type: Temporary
  • Skills/Attributes: cyber security, Incident Management, ServiceNow
  • Estimated Duration (In Weeks): 24
  • Min Hourly Rate ($): 95.00
  • Max Hourly Rate ($): 100.00

Description

  • **Only those lawfully authorized to work in the designated country associated with the position will be considered.**
  • **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**
  • Fully Remote, Work from Home

Title: Cyber Threat Situation Management Principal – Incident Commander

Duration: 6 Months

Position Summary:

  • Build playbooks in ServiceNow
  • Manage security incident response

Skills:

  • Incident response exp
  • Playbooks, Workflow
  • ServiceNow Exp (Highly Preferred)
  • XSOAR exp (Preferred)

As a Cyber Threat Situation Management Principal, you will perform incident management activity for security incidents from both internal and external sources. This includes participation in all phases of incident management, including incident response planning, preparation, program development, active response, threat mitigation, lessons learned, remediation, program maturation, and other post-incident activity. The incident management role interacts with internal and external parties at all levels of the organization who possess varying levels of technical acumen. The occupant of this role must have robust incident response technical expertise, strong project management skills, and excellent verbal and written communication skills. The occupant must be able to translate complex technical situations into instructions, action items, and statuses and be able to communicate them to any audience.

As a member of the Cyber Risk Defense Center Threat Response and Investigation team performing incident management, the candidate must:

  • Lead and coordinate incident response/management functions
  • Perform incident commander functions for high severity incidents and pre-incidents
  • Develop post-incident after action, lessons learned, and recommendations documentation
  • Perform technical writing for security and response functions
  • Coordinate between disparate technical groups, business owners, executive leadership, compliance teams, legal teams, and vendors
  • Perform orchestration and automation of incident functions, workflows, playbooks, and metrics
  • Maintain the Cyber Security Incident Response Plan (CSIRP), incident communication/escalation, Out of Band Communication (OOBC), Break-the-Glass (BTG) plans, and RACIs.
  • Develop and maintain Incident Management policies, standards, procedures, processes, playbooks, workflows, and service level agreements to combat new or evolving threats
  • Develop and conduct breach exercises customized for broad combinations or smaller, targeted environments to test incident management processes, document findings, and identify recommendations and lessons learned

Required Skills and Qualifications – A candidate should meet the majority of the following:

  • Bachelor’s degree in Business Administration, Computer Science, Information Technology, Cybersecurity and Information Assurance, Project Management, or similar technical degree or equivalent job experience
  • 15+ years of equivalent work experience in DFIR, incident management, incident response, and/or cybersecurity

  • EnCE, GCFE, GCFA, GNFA, GDAT, GCIH, GREM, GLEG, GDSA, GCCC, CISA, CISM, PMP, or similar certifications
  • Strong self-starting ability, patience, and leadership skills
  • Effective communication skills and the ability to understand and translate cyber security threats from a technical perspective to business-level understanding and execution.
  • Strong analytical and problem-solving skills and the ability to work with a diverse array of teams
  • Broad technical background involving cyber security, computer forensics, network forensics, log forensics, incident response, and/or incident management

  • A thorough understanding of attacker/malware tools, tactics, and procedures
  • Training, mentoring, leadership, and project management skills

Benefits:

For information and details on employment benefits offered with this position, please visit here. Should you have any questions/concerns, please contact our HR Department via our secure website.

California Pay Equity:

For information and details on pay equity laws in California, please visit the State of California Department of Industrial Relations’ website here.

Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender (expression or identity), national origin, arrest and conviction records, disability, veteran status or any other characteristic protected by law. Positions located in San Francisco and Los Angeles, California will be administered in accordance with their respective Fair Chance Ordinances.

If you need assistance in completing this application, or during any phase of the application, interview, hiring, or employment process, whether due to a disability or otherwise, please contact our HR Department.

Rose International has an official agreement (ID #132522), effective June 30, 2008, with the U.S. Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Verification Program (E-Verify). (Posting required by OCGA 13/10-91.)
