Regional Incident Response Manager
Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system you must have the appropriate immigration permission needed to work and reside in the United Kingdom.
Sony Pictures Entertainment’s London-based Information Security team are currently looking for a Regional Incident Response Manager to join their team and be responsible for handling incident response duties and driving initiatives.
The Regional Incident Response Manager will conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, and other incidents.
This role will work with the Security Operation Centre to rapidly assess, remedy, and/or refer incidents to proper resolution, as well as IT and other departments to identify root cause and develop corrective and preventive measures.
Additionally, this position will work with threat assessment peers to identify and make recommendations to the Incident Response Executive Director to improve the security stance and incident response capabilities of the organization.
- Function as an incident response handler, directing IT and other departments during security incidents, including evidence preservation, corrective action, and preventive actions
- Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.
- Assist in identifying and remediating gaps as identified throughout the investigation.
- Maintain technical knowledge within areas of expertise via formal training and self-education
- Perform basic programming and develop scripts in support of the Incident Response and Threat Analysis team
- Design, document, and implement incident response processes, procedures, guidelines, and solutions.
- Responsible for technical and executive level reports on incident response issues
- Some travel may be required within region and to the home office in Los Angeles, California, United States.
- Engaging with business stakeholders to understand business practices; gathering and facilitating the convergence of business, technical and security requirements; liaising with IT to align the environment with existing and future requirements
- Collaborating with IT to ensure security is factored into the evaluation, selection, installation and configuration of hardware, applications and software; researching technologies and identifying differentiators and integration challenges; providing technical and managerial expertise on maintenance and administration aspects
- Providing support and guidance on legal and regulatory compliance including data privacy
- Tracking, reporting, and coordinating the remediation of security vulnerabilities
- Work closely with the regional Info Security team and respond to tasks from the regional InfoSec lead
Functional knowledge of:
- Host and network forensic tools and techniques
- Information security, client/server architectures, and networking
- Current and evolving cyber threat landscape
- Threat intelligence and applied use within incident response and forensic investigations
- Malware analysis and understanding attack techniques
- Interpreting, searching, and manipulating data within enterprise logging solutions
- Working with network, host, and user activity data, and identifying anomalies
- Programming and scripting to support data analysis and simple tool development
- Information Security certification (CISSP, CISM, etc.)
- Incident and Forensic Security certification (GIAC GCIA / GCIH)
- Ethical hacking certifications (CEH, etc.)
- Bachelor’s degree or equivalent working experience
- Typically 5-7 years of overall information security experience
- Typically 3-5 years of incident response experience
- Typically 1-2 years of forensic / malware experience
- Typically 1-2 years of SIEM / IDS / IPS / PCAP analysis experience
- Typically 1-2 years of cyber threat tracking
- Typically 1-2 years of Vulnerability management and/or analysis
Other Preferred Technology Knowledge/Skills/Abilities
- Hacker techniques, tools, and motivations
- Operating systems (Windows, OS X, Linux and UNIX)
- Multilayer security architectures and controls
- Application architecture (mainframes, databases, web, middleware, virtual)
- Network architecture (firewalls, routers, switches and load balancers)
- Security technologies (IDS/IPS, advanced endpoint protection, AV)
- Analyzing file system images, memory images and network packet captures
- Using commercial and open source security testing / vulnerability analysis tools
- Problem solving with missing information while under pressure with short deadlines
- Dynamic malware analysis and indicator extraction
- Indicator pivoting, tracking and analysis
- Ability to prioritize multiple tasks rapidly, formulate a plan, respond quickly and communicate with customers and leadership
- Generating both technical and executive reports and briefings
- Programming in one or more of the following: C, C++, C#, Java, .NET, SQL, Python, ASM
- Shell scripting in one or more of the following: Perl, Bash, PHP, WMI, PowerShell
- Reviewing application source code for security vulnerabilities
- Using debuggers and/or de-compilers
- Reverse engineering complex code, using tools such as IDA Pro, OllyDBG and other similar tools
- Bilingual speaking and writing skills (Japanese, Chinese, Spanish, etc.)
- Take on new responsibilities and influence others as needed to deliver consistent results
- Strong verbal communications skills and concise written communication skills
- Strong organizational and multi-tasking skills
- Pick up new skills through self-learning and on the job training
- Innovate and stay current on security technologies
- Attention to detail with flexibility in addressing changing requirements
Sony Pictures Entertainment is committed to equal opportunity in all its employment practices, policies and procedures. No worker or potential worker will therefore receive less favourable treatment due to his or her race, age, creed, sexual orientation, colour, nationality, ethnic origin, disability, religion, gender, marital status or Trade Union membership (if applicable).