Title:  Cyber SOC Incident Response Manager

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

To make a difference with us, all you need to do is bring your human best.

What will your story be? Apply now!  

Learn more: jti.com

Reporting to: Infosec & Risk Management Director

Duty Post: GBS Manila, Taguig, Philippines

Application Duration: This job posting will remain open until the vacancy is filled. 

Cyber SOC Incident Response Manager

With growing number of Security Incidents and in order to improve Incident Response process, the Security Operations Center needs to assign a Tier 2 Cyber SOC Incident Response Manager who will be able to quickly identify the true cause of a cyber incident, determine the span of a compromise and provide practical advice to fix and prevent the threats and if required, to assist with recovering critical data and services.

Within its main functions, the Cyber SOC Incident Response Manager will: 

• Support the Tier 1 Incident Response Analysts during the handling of low and medium severity incidents.
• Escalate to the Tier 3 Cyber Incident Response Managers high severity incidents and contribute to the resolution.
• Follow IR security standards, properly document IR actions and coordinate IR tasks with other functions within SOC and rest of the organization.

Responsibilities:

• Cyber Incident Response
  • Respond to low and medium Security Incidents, mainly but not exclusively to Phishing, Malware and Web Attacks related Security Incidents
  • Assess, triage, categorize, prioritize and track Security Incidents and escalate the ones with high severity and provide support to its resolution
  • Derive immediate mitigation measures for containment, eradication, and recovery of Security Incident and document implementation progress in line with JTI internal SLAs.
  • Coordinate Incident Response taskforces with different IT functions and end users.
  • Estimate the scope of impacted asset, ensure that remediation is properly address to all scope identified during the Analysis stage according to security standards.
  • Collect forensics malicious payloads, forensics artifacts and IOCs according to JTI SOPs and for further analysis by JTI SOC personnel.
  • Concisely summarize the analysis and actions carried out during the Incident Response handling.
  • Provide basic malware analysis using sandboxes
• Support
  • Support Security Incident Managers during relevant security incidents by following their ad-hoc instructions during the incident handling and forensics activities. 
  • Support Incident Response Analysts and provide them with necessary guidance during daily operations and ensure that appropriate actions were taken in timely and effective manner and in line with JTI SOPs.
• Documentation
  • Contribute to the creation, maintenance and improvements of Security Incident runbooks and SOPs in scope of Incident Response daily activities.
  • Track security incidents, provide close notes and contribute to the reporting
  • Contribute to internal reports, KPIs and metrics.
• Collaboration
  • Contribute with other SOC functions (CTI, Threat Detection, Threat Hunting and MSSP) by providing inputs from IR perspective. Also support activies for collaboration with other  IT and business functions to improve the overall security posture.
• Knowledge management
  • Monitor Security Industry trends on new threats and share knowledge with rest of the team.
  • Develop JTI current and forward-looking threat profile and recommendations for baseline security configurations for operating systems, applications, and networking equipment.

Requirements

• Strong knowledge of information security principles and best practices in incident response.
• Practical knowledge of tools and techniques used in incident detection and response.
• Demonstrated experience working with  EDR/XDR solutions, SIEM platforms and Ticketing systems.
• Experience with Microsoft security products is a plus. E.g. Microsoft Defender for Endpoint.
• Demonstrated experience and knowledge with NIST 800-61 standard and MITRE ATT&CK framework
• Analytical/problem solving ability
• Process management and Standard/Procedures literacy
• Ability to work under constantly changing conditions and tight deadlines
• Strong verbal, written communication and presentation skills
• Scripting skills are a plus

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with TA > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. We are committed to providing reasonable adjustments to applicants with special needs. If you require any accommodations, please let the Talent Advisor know during the selection process.