Responsibilities:

1. Document incident response process and procedures.
2. Provide first responder forensics analysis and investigation
   1. Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
   2. Own business impacting situations, and work to restore normal service operations in cooperation with cross-functional partners.
   3. Ensure timely communications and updates are provided for incident management and root-cause scenarios.
   4. Work directly with data asset owners and business response plan owners during high severity events of interest.
   5. Leads the effort on messaging and communication related to incident reporting for all audience.
   6. Drives containment strategy during data loss or breach events.
   7. Maintains chain of custody of incident evidence.
3. Drives post-containment recovery effort through to complete incident closure
   1. Provides recommendations to resolve and/or reduce impact of incident and to prevent future similar incidents.
   2. Develop and enrich restoration procedures to mitigate future outages and business disruptions.
   3. Provide control change recommendations to administrators based on findings during investigations or threat information reviews
   4. Identify and recommend opportunities for “clean-slate” process improvement with regards to incident management, fault monitoring, triage procedures and issue escalation.
4. Provides written final incident report to executive management
   1. Assessing scope of incident damage and assisting in the determination of incident severity.
   2. Document activities such as investigation, discovery and recovery during the incident.
5. Collaborate with departmental IT team and ISD ITS teams such as architecture, development, and engineering teams to identify the root cause of recurring incidents and create action-plans for resolution
   1. Leverage and lead the root-cause/problem management process to correlate trends business impacts.
6. Maintain on-call availability for 24x7x365 coverage.

Required Skills:

1. One or more of the following professional certifications requited: Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), GIAC Certified Incident Handler,,(GCIH) or GIAC Network Forensic Analyst.
2. Bachelor’s degree from an accredited college in Technology related discipline (e.g. Computer Science, Engineering, Information Systems, etc.) or equivalent experience/combined education.
3. Minimum of three (3) years’ experience in the last five (5) years as an IT Security Incident Response Manager, supporting a complex enterprise security environment for a large public or private organization.
4. Minimum of three (3) years of experience in the past five (5) years as an IT Security Incident Response Manager, supporting Enterprise Multi-Tenant environment, include responding, containing, remediating, and reporting on the infrastructure connecting to County Departments and Public Cloud Providers, such as AWS, Azure and/or GCP.
5. Minimum of two (2) years’ experience in the last three (3) years analyzing, responding, and remediating enterprise network & security architectures.
6. Minimum of two (2) years’ experience in the last three (3) years leading IT Security/Information Security teams.
7. Minimum of two (2) years’ experience in the last three (3) years delivering Incident Reports and Remediation Recommendations in a large enterprise organization.
8. Demonstrated ability to create clear, concise technical documentations such as procedures, Visio diagrams, and system support documents, and strong presentation skills with experience using Microsoft PowerPoint.