Regional Incident Response Manager
Sony Pictures
London, UK
This was removed by the employer on 8/28/2019 6:52:00 AM PST
Full Time Job
Regional Incident Response Manager
Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system, you must have the appropriate immigration permission needed to work and reside in the United Kingdom.
Sony Pictures Entertainment's London-based Information Security team is currently looking for a Regional Incident Response Manager to join the team and be responsible for handling incident response duties and driving initiatives.
The Regional Incident Response Manager will conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, and other incidents.
This role will work with the Security Operation Centre to rapidly assess, remedy, and/or refer incidents to proper resolution, as well as IT and other departments to identify root cause and develop corrective and preventive measures.
Additionally, this position will work with threat assessment peers to identify and make recommendations to the Incident Response Executive Director to improve the security stance and incident response capabilities of the organization.
Core Responsibilities
• Function as an incident response handler, directing IT and other departments during security incidents, including evidence preservation, corrective action, and preventive actions
• Conduct advanced computer, mobile and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc. Assist in identifying and remediating gaps as identified throughout the investigation. Maintain technical knowledge within areas of expertise via formal training and self-education
• Design, document, and implement incident response processes, procedures, guidelines, and solutions. Responsible for technical and executive level reports on incident response issues
• Provide expert level technical cyber security advice to the EMEA region
• Some travel may be required within region and to the home office in Los Angeles, California, United States.
Additional Responsibilities Include
• Engaging with business stakeholders to understand business practices; gathering and facilitating the convergence of business, technical and security requirements; liaising with IT to align the environment with existing and future requirements
• Conducting risk assessments, documenting findings, developing action plans for SPE subsidiaries in region
• Tracking, reporting, and coordinating the remediation of security vulnerabilities
• Work closely with the regional Info Security team and respond to tasks from the regional InfoSec lead
• Working other cyber security projects as assigned
In order to be considered for this role, candidates will need to meet the following background:
Functional knowledge of:
• Host and network forensic tools and techniques (essential)
• Information security, client/server architectures, and networking (essential)
• Current and evolving cyber threat landscape (essential)
• Threat intelligence and applied use within incident response and forensic investigations (essential)
• Malware analysis and understanding attack techniques (essential)
• Interpreting, searching, and manipulating data within enterprise logging solutions (essential)
• Working with network, host, and user activity data, and identifying anomalies (essential)
• Programming and scripting to support data analysis and simple tool development (desirable)
• Mobile device forensics and analysis (desirable)
• Multilayer security architectures and controls (desirable)
• Application architecture (mainframes, databases, web, middleware, virtual) (desirable)
• Vulnerability analysis and management (desirable)
Technical/Certification Essential (Must have one or more)
• Information Security certification (CISSP, CISM, etc.)
• Incident and Forensic Security certification (GNFA / GCIH / ACE / AME)
• Ethical hacking certifications (CEH, etc.)
Background/Toolage/Skills
• Education (essential)
• Bachelor's degree or equivalent working experience
• Typically 5 years of experience in Incident Response and/or Forensic Analysis
• PC or Mobile device forensic certification
• Tool Experience (several from each category is essential)
• Forensic Tools: EnCase Forensics / EnCase Enterprise; Access Data Enterprise / Access Data Mobile Phone Examiner / FTK / Cellebrite / EIF / XWays / Paladin Forensic Suite / WinHex
• Forensic Hardware: Write Blockers / Atola Insight / DeepSpar
• IR Tools: FireEye HX / Splunk / Volatility / Volcano / Mandiant Redline / Cuckoo / VirusTotal / Wireshark / McAfee Nitro / Palo Alto
• Ticketing Systems: ServiceNow / Jira / Archer
• Host Security Tools: Zimperium / McAfee Endpoint Products / Qualys
• Splunk
• AWS security
• Knowledge of
• Hacker techniques, tools, and motivations (essential)
• Operating systems (Windows, OS X, Linux and UNIX) (essential)
• Security technologies (IDS/IPS, advanced endpoint protection, AV) (essential)
• Applicable data privacy laws (GDPR, etc.) (essential)
• Network architecture (firewalls, routers, switches and load balancers) (desirable)
• Experience in:
• Analyzing file system images, memory images and network packet captures (essential)
• Preserving evidence for law enforcement / legal (essential)
• Excellent log analysis skills (essential)
• Problem solving with missing information while under pressure with short deadlines (essential)
• Dynamic malware analysis and indicator extraction (essential)
• Indicator pivoting, tracking and analysis (essential)
• Ability to prioritize multiple tasks rapidly, formulate a plan, respond quickly and communicate with customers and leadership (essential)
• Generating both technical and executive reports and briefings (essential)
• Ability to manage an incident response laboratory (essential)
• Working with and communicating with lawyers and privacy officers (essential)
• Other Desirable Skills:
• Analysing/Recovering data from: NTFS / FAT / EXT / HFS / APFS (desirable)
• Programming in one or more of the following: C, C++, C#, Java, .NET, SQL, Python, ASM (desirable)
• Shell scripting in one or more of the following: Perl, Bash, PHP, WMI, PowerShell (desirable)
• Using debuggers and/or de-compilers (desirable)
• Reverse engineering complex code, using tools such as IDA Pro, OllyDBG and other similar tools (desirable)
• eDiscovery experience and knowledge of eDiscovery tools (desirable)
• Using commercial and open source security testing / vulnerability analysis tools (desirable)
• Bilingual speaking and writing skills (Japanese, Chinese, Spanish, etc.) (desirable)
• Ability to:
• Take on new responsibilities and influence others as needed to deliver consistent results
• Work in a global environment and manage issues across multiple locations
• Strong verbal communications skills and concise written communication skills
• Strong organizational and multi-tasking skills
• Pick up new skills through self-learning and on the job training
• Innovate and stay current on security technologies
• Attention to detail with flexibility in addressing changing requirements
Sony Pictures Entertainment is committed to equal opportunity in all its employment practices, policies and procedures. No worker or potential worker will therefore receive less favourable treatment due to their race, age, creed, sexual orientation, colour, nationality, ethnic origin, disability, religion, gender, marital status or Trade Union membership (if applicable).
* Sony Pictures - GBR - London