Address
Form of work
SalaryDXC Technology is a Fortune 500 global IT services leader. We use the power of technology to deliver mission critical IT services that drive business impact. DXC is an employer of choice with strong values, and fosters a culture of inclusion, belonging and corporate citizenship. We deliver the IT services our customers need to modernize operations and drive innovation across the entire IT estate.
Summary
The Security Incident Coordination Analyst has the responsibility for the co-ordination and management of any Security Incidents. You will be a member of the leveraged UK Security Incident Coordination Team that delivers security services to a wide range of customers in Public Sector, Health, Defence and Commercial Sectors.
- You will be responsible for the end-to-end management of the Security incident life cycle, overseeing each of the relevant stages from triage through to closure, looking to identify patterns from root causes analysis and making recommendations for improvements based on trend analysis of Security incidents.
- Regarding high severity/critical Security incidents (P1 and P2) you will be responsible for managing and responding to them when they occur and expected to work closely with DXC Delivery and customer teams.
- Following identification of a high severity/ critical Security incident, you will be responsible for the execution of a Critical Security Incident Response Plan with the effective coordination of resources across DXC’s service lines and CISO team as needed to achieve a successful outcome.
- You will be responsible for providing Security incident reports and metrics concerning Security incidents and investigations to the Security Delivery Lead and customer.
- You will provide a professional interface when required with the customer, the delivery team, and the line management chain, thus being point of contact for operational security advice and guidance. You will also be responsible for escalations of issues as and when necessary.
As part of the SIC Team, you will:
- Monitor security tooling, conduct triage and analysis of any subsequent alerts, events and/or Security incidents identified.
- Validate, verify, and report protective or countermeasure solutions, both technical and administrative
- Co-ordinate and Investigate Security Incidents through to completion.
- Work with other resolver groups to respond to and investigate Security incidents.
- Monitor and manage functional mailboxes and respond to email enquiries from the account and clients.
- Monitor and manage security tickets queues.
- Review and raise Security incidents in ticketing systems.
- Assist in the completion of security reporting to agreed timescales and quality.
- Compile and present reports using Microsoft PowerPoint and Excel. Provision of Critical Incident Response Report and lessons learnt to key stakeholders. Deal with legal and law enforcement-related issues as required.
- Periodically review Security incidents to perform trend analysis, before making recommendations to the Security Delivery Lead for potential security improvements or sales opportunities
- Respond to incidents as per playbooks and Security Incident Management Process.
- Act as an advisor to the account concerning Critical Security Advisories., responding to DXC Threat Advisories, Carecert and other emergency patching advisories.
- Develop and maintain a critical vulnerability management system to effectively communicate with DXC clients when a “Zero Day” vulnerability is discovered e.g., SolarWinds.
- Manage security information requests from the customer.
- Lead on complex and severe incidents when required and ensure that playbooks are updated or reviewed to ensure that any lessons learnt are documented and repeatable.
- Take responsibility for SIC Team processes and continually review them to ensure that they are current and up to date.
- Ensure that all obligations are covered off (for instance monthly reporting) to the agreed timescales and quality.
- Ensure that the Security Delivery Lead is informed of all relevant Security Incidents and Issues on the account.
- There will be a requirement that you must provide standby(on-call) cover whilst working on an agreed rota to cover high severity/critical Security incidents.
- There may be requirements to work flexible hours when required e.g.,8am -4pm or 10am to 6pm.
- Due to the nature of some of our clients a current security clearance is preferable, or willingness to attain security clearance.
Training
- Ensure that you perform any mandatory training in line with Enterprise / Practise requirements and deadlines.
- To maintain a watching brief on threat actors and advanced persistent threats as well as continually reviewing zero-day exploits for potential issues.
- Enthusiasm and desire to develop your skill and knowledge base.
Essential
- Possess experience of handling, responding, and investigating to Cyber Security incidents
- Possess good analytical skills.
- Experience of log analysis.
- Knowledge and experience of using Protective Monitoring Tools e.g., ArcSight, Tanium, McAfee, Symantec, MS Defender, Microsoft 365, AZURE, and Azure Sentinel Threat and Vulnerability management experience.
Experience of malware alert review
- Experience of working in SOCS, ticketing systems, and interacting with delivery capabilities
- Enthusiastic and committed approach with a track record of building strong, trusted base relationships with colleagues and stakeholders at all levels.
- A sound working knowledge of security best practice and legislation affecting the security role.
- Self-motivated and an ability to keep up to date with latest security threats and vulnerabilities and trends.
- Excellent communication, influencing, negotiating and engagement skills.
- Possess good leadership skills when interacting with account delivery teams.
- Sound judgement and decision-making skills, with a ‘hands on’, problem solving approach, able to remain calm under pressure and own Security incidents.
- Ability to work to tight timescales.
- Ability to remain calm and focused on high pressure situations identifying business resources essential to recovery.
- Experience of writing procedures and reports
- Ability to work as part of a team, as well as independently.
Desirable
- Recognized security qualification e.g., CISSP or CISM or willing towards obtaining accreditation.
- Security professional with a proven experience within the security industry, the public sector, or armed services.
- Knowledge of types and sources of tools and equipment required to adequately equip an Incident Response Team.
- Knowledge of forensic requirements for collecting and presenting evidence
Investment In Training and Development
- We offer a comprehensive range of training and career development opportunities, a structured induction programme, tailored job training as well as mentoring and support for relevant sponsored professional qualifications. We’re developing an environment where people can grow and harness their careers and skills to be the best that they can be to focus on the long term.
Our Culture
- Here at DXC we support with care and compassion, and we are constantly evolving our initiatives around equality, diversity, and inclusion to ensure that everyone feels equally involved and supported in the workplace no matter of who they are or what they do. We are proud of the culture we are creating to ensure that our commitment is ongoing and have a diverse mix of employees working within an inclusive environment and culture to create a high performing workforce led by talented leaders. We aspire to be recognised for our innovative and modern thinking approach.
Employee Benefits
- As part of our competitive remuneration package, flexible benefits are available. There is an option to “flex up and down” on specific benefits, for example buy or sell annual leave, Private Medical Benefit, Dental and Travel Insurance. You will also have access to ‘Perks at Work’, a discount store to purchase gift cards at reduced rates and get discounts on holidays, restaurants, activities, groceries and more.
