Computer Security Incident Response Team (CSIRT) - Silicon Valley Bank

req. #1596 http://www.svb.com/careers/search/

The Computer Security Incident Response Team (CSIRT) is responsible for the investigation and reporting of information security incidents, supporting all business units. The team coordinates with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response.

This role requires experience in all phases of CSIR including preparation, notification, response, recovery, analysis, and post-mortem. The candidate must be familiar with communication technologies and protocols. The candidate who fulfills this role will be expected to have process documentation experience and excellent intra-business relationship experience. This role interacts with all levels of the organization, particularly within the IT organization, and is viewed as a subject matter expert.

This role reports to the Computer Security Incident Response Manager and coordinates response activities that support the SVBFG Security, GLBA, Privacy, Incident Response, and Identity Theft Prevention programs. A holistic understanding of attack vectors and current threats and the ability to create high-quality deliverables are essential for this role. A background in computer forensic practices and procedures, basic investigations, and evidence handling is preferred.


Incident Response:

  • Detect and respond to computer security incidents according to the Computer Security Incident Response Plan (CSIRP).
  • Provide guidelines to the first responders for handling information security emergencies.
  • Coordinate efforts among Legal, Human Resources, Corporate Compliance, law enforcement, and outside information security emergency handling agencies.
  • Prepare updates and enhancements to the CSIRP and related documents as required.
  • Evaluate and recommend new technologies in incident response to ensure that SVBFG has adequate tools for responding to computer security incidents.

Forensic Investigation:

  • Lead the forensic investigation efforts and the post mortem sessions for computer security incidents.
  • Correlate event data from multiple sources (Intrusion Detection Systems (IDS), Vulnerability Assessment Systems (VAS), network device logs, server logs, application logs, etc.) to understand incident details.
  • Collect and preserve evidence following industry best practices and established procedures.
  • Work closely with Law Enforcement Agencies (LEA) throughout the investigation process.
  • Provide investigation progress updates to the Computer Incident Response Team (CSIRT).
  • Provide investigation findings to relevant Business Units to help improve their information security posture.
  • Evaluate and recommend new technologies in computer forensics to ensure that the SVB Financial Group has sufficient tools for investigating computer security incidents.
  • Prepare information security forensic policies and procedures and update as required.

Malware Reverse Engineering:

  • Isolate, review, analyze, and reverse-engineer suspicious or malicious programs recovered from compromised computer systems and networks.
  • Produce technical reports identifying indicators of compromise and associated risk factors.
  • Experience with IDA Pro, OllyDbg, Wireshark, Visual Studio, and version control systems.
  • Knowledge of two or more programming languages.