Job Description:

DXC Technology is a Fortune 500 Global IT Services Leader and is ranked at 152.Our more than 130,000 people in 70-plus countries are entrusted by our customers to deliver what matters most. We use the power of technology to deliver mission critical IT services that transform global businesses. We deliver excellenceforour customers,colleagues,and communities around the world.

Accelerate your career and reimagine the possibilities with DXC!

We inspire and take care of our people. Work in a culture that encourages innovation and where brilliant people embrace change and seize opportunities to advance their careers and amplify customer success. Leverage technology skills and deep industry knowledge to help clients. Work on transformation programs that modernize operations and drive innovation across our customer’s entire IT estate using the latest technologies in cloud, applications, security, IT Outsourcing, business process outsourcing and modern workplace.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances.We’recommitted to fostering an inclusive environment where everyone can thrive.#DXCSMARTFirst

Roles and Responsibilities:

Perform detail analysis of events during the incident process, combining sound analytical skills with advanced knowledge of IT Security and Network Threats.

Participate in knowledge sharing with other Senior Analysts and writing technical articles for Internal Knowledge Bases.

Provide a containment strategy and remediation plan in order to resolve the security issue.

Develop and maintain a strong relationship with the Client Security Teams.

Perform other essential duties as assigned.

Perform daily follow up on all tickets that were not resolved by Security analysts

If a resolution for the Incident is not known or available at this point, and it is not considered to be a Major Incident, engage the relevant higher level support team.

If the incident is believed to be a Major Incident the Strategic Incident Manager / Shift Manager needs to be notified

Understand and utilize the RtOP process and Key Production Environment incident handling

Provide swift and accurate reactions during an ongoing security crisis situations identifying different type IoCs establishing mitigation/remediation plans.

Follow training plans, requirements and schedules as outlined by the Technical Supervisor.

Complete and keep up to date with all Mandatory trainings. (Environmental Health and Safety, ITSM, Security Fundaments, Standards of Business Conduct, Standards of Personal Conduct, Internal work instructions )

Provide out of office hours on-call support and guidance to the junior team members.

Do deep troubleshooting within the applicable technology

Full understanding of the Cyber Kill Chain methodology

Escalation to Security support teams as needed.

Alert tuning analysis proposal

Alert suppression analysis proposal

Provide regional security managers with up-to-date team metrics and proactively address any potential improvements or concerns related to the team.
Tool selection and improvement proposal

Key deliverables/accountabilities:

E2E ownership of all security incidents as per approved process
Security incident tickets raised are reviewed for closure/updates within appropriate timeframes.
Stale security incident tickets raised are reviewed for closure/updates within appropriate timeframes, prioritising incidents that are in the daily combined scrum/triage review, such as forensic REAP's.
Always responding to a reporter of an incident with a ticket number, updates and resolution of the incident within appropriate timeframes.
Properly risk assess all reported IT related security incidents and assign the correct priority in tickets
To record accurately and consistently my technical analysis in Service Now - pDXC.
To attach related emails followed by a log entry explaining the contents email that was attached.
Always verifying handoff of an incident to any group and recording it in the ticket, including DFI, CTH, CTAC, or SIRCC Region.
Always closing an incident explaining with some detail of the resolution and how or why that resolution was determined.
Correctly using parent/child tickets and tasks and updating relevant tickets/tasks with the relevant information, keeping things clear and concise.
Perform daily ticket reviews of recent incidents, identify any potential issues or gaps and address with the staff responsible.
Identifying, taking ownership, and managing major IT security incidents that affect DXC and its clients.
Creation/peer review of initial drafts of RCA documents for incidents handled by the SIRCC
Perform daily ticket reviews of recent incidents, identify any potential issues or gaps and address with the staff responsible.
Conduct meetings for collaborators and for coordinating incident-response groups:
Technical meetings to manage hands-on investigation and mitigation activities; forensic meetings to review discovery and to help assess risk and damage
Management meetings to keep stakeholders and managers apprised of risk and mitigation progress, and to ensure the incident handling meets business needs
Lead investigation activities
Ensure that reports of compromise required by regulation, contract, or policy are timely and accurate
Develop mitigation strategies
Assign actions, and ensure that action-items are progressing or completed; escalate issues to overcome barriers to investigation or action
Creating reports that help inform managers and collaborators not only of incident status, but also of risks, and of how an incident may fit a pattern of attack
Develop playbooks for various incident scenarios - e.g. Ransomware
Follow established process with HPIM on P1 incidents and RToPs
Send executive summaries as per the approved stakeholder matrix on all high/critical security incidentsSupport the SIRCC Analysts with queries of processes or of technical nature.
Manage SIRCC Analysts day-to-day tasks
Upskill and mentor SIRCC Analysts
Assist and guide new hires through the onboarding period.

Working relationships:

Internal:

Other Internal Support Teams
Security Officers
Client Capability Leads
Technical Owners
Account Support Team members
Technology Delivery Managers
Service Delivery Managers
Team Technology Leads
VP, Senior Directors, Enterprise Security and Senior Managers

External:

DXC Partners and Clients via DXC Account Delivery teams
External Computer Emergency Response Team
National Authorities via DXC Legal / DXC Information Security

Education and Experience Required:

Bachelor’s Degree in Information Security or related discipline, or any of the following or similar related certifications: CHFI, CEH, OSCP, OPST, eCPTT, GCIH, GCIA or GSEC. documented experience (3+ years) in an incident handling capacity or (5+ years) in a cyber security role.
Current or recent experience working with enterprise level anti-malware or advanced endpoint protection packages.
Experience with Operating System security, administration, and logging in an enterprise environment.

Previous experience with process and procedure development.
Experience dealing with cybercrime and working in an environment that requires an investigative response when dealing with computer based electronic evidence.
Typically,7-10 years of relevant work experience in industry.
A continuous learner that stays abreast with industry knowledge and technology

SIRCC Incident Response Manager

Job Description

About dxctechnology

Similar Jobs

Business Builder and Chief of Staff, AI Partnership Ecosystem

Lab Manager – Microsoft Garage Hyderabad (Replacement)