TC-CS-Cyber Detection and Response-Incident Response-Senior

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Job Description: Incident Response Analyst

Position Overview: The Incident Response Analyst is responsible for delivering Tier 3 security incident response services, focusing on application, network, and infrastructure security. The role involves coordinating with the Cyber Defense lead and various resource teams to contain, eradicate, and recover from security incidents. The Analyst plays a crucial role in responding to cyberattacks, mitigating their impact, and enhancing the organization's overall cybersecurity posture.

Key Responsibilities:

• Tier 3 Security Incident Response:
  • Conduct Tier 3 security incident response for application, network, and infrastructure security alert events.
  • Utilize documented procedures and in-house security technologies to manage incidents effectively.

• Coordination and Task Assignment:
  • Assign containment, eradication, and recovery tasks to appropriate resource teams.
  • Ensure clear communication and coordination with relevant teams during incident response activities.

• Response Actions and Host Management:
  • Perform response actions on managed hosts where the Security Operations Center (SOC) team has requisite access and permissions.
  • Isolate suspected compromised or infected hosts and execute other pre-approved actions to disrupt cyberattacks.

• Incident Clarification and Communication:
  • Clarify incident information and recommend containment, eradication, and recovery actions to the cyber defense team.
  • Participate in cyber defense calls related to cybersecurity incidents and provide updates as needed.

• Peer Review and Quality Assurance:
  • Conduct periodic peer reviews of Tier 2 analyst work to identify trends in effectiveness and areas for improvement.
  • Provide constructive feedback to enhance the overall quality of incident response efforts.

• Escalation and Reporting:
  • Engage relevant parties for issue escalation and reporting.
  • Ensure timely communication of critical incidents and status updates to stakeholders, including executive management.

• Coordination and Best Practices:
  • Collaborate with global teams to standardize incident response procedures and share best practices.
  • Adapt response strategies to accommodate different regional and regulatory requirements.

• Continuous Improvement and Learning:
  • Stay updated with the latest cybersecurity threats, trends, and technologies.
  • Contribute to the development and enhancement of incident response processes and playbooks.

• Documentation and Analysis:
  • Maintain comprehensive documentation of all incidents, actions taken, and lessons learned.
  • Analyze incident data to identify patterns, improve detection capabilities, and prevent future incidents.

Qualifications:

• Extensive experience in cybersecurity, particularly in incident response and threat management.
• Proficiency in using security technologies and tools for incident detection and response.
• Strong knowledge of application, network, and infrastructure security.
• Excellent analytical, problem-solving, and decision-making skills.
• Ability to work under pressure and manage multiple incidents simultaneously.
• Strong communication and teamwork skills, with the ability to coordinate with cross-functional teams.
• Familiarity with global cybersecurity standards and regulatory requirements.

Additional Information: The Incident Response Analyst is a critical player in the organization's cybersecurity defense strategy. This role requires a proactive and agile approach to handling security incidents and a strong commitment to protecting the organization's digital assets and reputation. The Analyst must be prepared to respond swiftly and effectively to a wide range of cybersecurity threats, ensuring the organization remains resilient against evolving cyber challenges.

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.