(1089) Senior Cyber Security Incident Responder - BSTD
South African Reserve Bank
Date: 21 hours ago
City: Pretoria, Gauteng
Contract type: Full time

Brief description
The main purpose of this position is to manage the incident response life cycle, including liaising with stakeholders, preparing for, coordinating and providing team leadership for cybersecurity incident response teams (CSIRTs), and ensuring appropriate cybersecurity incident responses to minimise the impact of malicious events or breaches.
Detailed description
The successful candidate will be responsible for the following key performance areas:
- Contribute to the development of incident response documentation, including terms of reference and operating procedures.
- Define and improve the CSIRT operations and coordinate activities, including communications to external parties in the event of severe incidents.
- Refine and continually improve cybersecurity incident management plans, tools, methods and processes.
- Plan and organise cyber incident simulations and desktop exercises.
- Effectively coordinate the response to security breaches and lead the investigation and containment of the incident by sourcing and interpreting advanced information and executing operational countermeasures, including making technical configuration changes.
- Conduct post-incident root cause analyses and contribute to the improvement of security monitoring, intelligence and forensic teams.
- Work with external cyber liaison functions to ensure CSIRT coordination aligns with the wider sector and national and international cyber resilience coordination.
- Manage coordination between the incident response team and the investigative and support functions to ensure all stakeholder priorities are addressed.
- Manage external forensic and advanced incident response support to ensure the delivery of value and alignment with sectoral processes.
- Stay abreast of industry practices and changes and incorporate them into the various functional areas.
- Compile and provide integrated management information reports to support decision-making.
- Lead and participate in engagements with relevant stakeholders/clients and external parties, including the sectoral, national and international liaison, for the purpose of information-sharing and coordinated technical response.
- Compose clear and concise CSIRT close-out reports, detailing causes, investigation outcomes, actions taken, recommendations and lessons learnt.
- Understand the cyber threat landscape and stay abreast of emerging threats and threat actors.