McLean 1 (19050), United States of America, McLean, Virginia
Manager, Computer Incident Response
Manager, Computer Incident Response
This position will be a member of the Forensics, Incident Response and eDiscovery Team. This team works with a wide variety of security tools across multiple environments. The Incident Response (CIRT) and Forensic Services personnel investigate, analyze and manage response activities related to computer security incidents and data acquisition efforts within the enterprise. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information, and supporting evidence or artifacts collection related to an incident or event.
Required Skill Set/Experience:
- Significant knowledge of incident response processes.
- Significant knowledge of forensic tools and procedures.
- Strong ability to analyze information and data.
- Excellent problem-solving and conceptual thinking abilities, especially with technical troubleshooting.
- Strong communication skills with the ability to develop and maintain productive working relationships across multiple.lines of business.
- Ability to manage multiple simultaneous responsibilities.
- Maintain team tools to support incident response and forensic procedures.
- Perform real-time computer security Incident Handling (e.g., forensic collections, intrusion correlation/tracking, analysis, and remediation) tasks to support deployable Incident Response Teams (IRT).
- Assist in performing computer security incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation.
- Research and recommend forensic tools that improve productivity and accuracy of investigations.
- Provide highly technical examination, analysis and reporting of computer based evidence to include collecting and analyzing intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation potential computer security incidents within the enterprise.
- Effective and professionally secure handling and collection of digital evidence.
- Serve as technical experts and liaisons to other internal investigative and legal groups by providing hands-on.support in reviewing forensic analysis, reports, and data and collaborate with other local, national and international incident response teams as needed.
- Perform analysis of logs from a variety of sources within the enterprise, to include individual host logs, network traffic.logs, firewall logs, and intrusion detection system logs.
- Track and document incidents from initial detection through final resolution including documenting requests and activities in case management system (experience with using Archer a plus).
- Coordinate with and provide expert technical support to resolve computer security incidents working with other information security specialists to correlate threat assessment data, as needed.
- Document new and update current program procedures providing guidance and reports on incident findings to appropriate constituencies.
- Familiarity with laws and regulations regarding security breach response procedures.
-High school diploma, GED, equivalent certification, or military experience.
-At least 5 years of experience in the Information Technology field.
-At least 3 years of experience in incident response and digital forensics.
-At least 2 years of experience using Guidance Software's and Access Data's forensics products.
-Certification in CISSP or SANS GIAC or CFCE or CISA/CISM or CCSP, or CCNA/CCNP Security.
-Bachelor's Degree in Computer Science.
-At least 1 year experience with Guidance Software's Encase Command Center, EnCase Cybersecurity and eDiscovery.
-At least 1 year experience with E-Discovery process and products.
-At least 1 year experience with Windows AD administration and infrastructure.
-At least 1 year experience with SEIM or 1 year experience with SIEM products or 1 year experience with McAfee ESM or 1 year experience with Splunk.
-At least 1 year experience investigating in Cloud.
At this time, Capital One will not sponsor a new applicant for employment authorization for this position