Incident Response Specialist

Sun Prairie, WI, USA

QBE Insurance

QBE Insurance Group is one of the world's top 20 insurance and reinsurance companies, located in 27 countries. Visit us for company information.

Primary Details

Time Type: Full time

Worker Type: Employee

This is a HYBRID role with in-office responsibilities based out of our Sun Prairie, WI office.

The Opportunity

Reporting to regional team leads, the Security Incident Responder will be a key member of our rapidly growing Global Security Operations team.  

This is a hands-on technical role. The specialist will use their security skills and knowledge to perform advanced analysis of cyber threats using proactive and reactive threat hunting methods, and to classify, analyse, prioritise and remediate security alerts and events.

The focus is to provide an effective, proactive and highly technical analytical response to cyber security incidents, so that QBE is not compromised by modern attack methods and techniques.

Primary Responsibilities 

  • Translate business objectives into security objectives by supporting the design and architecture of new security applications that improve QBE's global security posture.

  • Contribute to, monitor and advise on planned developments and changes to ensure relevance, compliance and optimal delivery.

  • Recommend and implement initiatives; develop incident response (IR) processes and procedures.

  • Contribute to the ongoing development of security operations “best practice” and support continuous improvement. 

  • Provide guidance regarding security technical support, and influence peers in following best practice. 

  • Manage the business continuity plan and information backup procedures to ensure minimal disruption in the event of a cyber attack.

  • Implement security initiatives aimed at improving the existing infrastructure. 

  • Review new security products and ascertain their suitability for the QBE environment. 

  • Execute threat hunting activities using various proprietary and open source tools to identify current and emerging threats that pose a risk to QBE. 

  • Perform advanced analysis of collected cyber threat data using proactive and reactive threat hunting methods.

  • Build strong relationships with internal and external stakeholders to maintain and improve QBE security and enhance knowledge and information sharing. 

  • Actively communicate with staff and third parties to correctly identify and resolve problems and manage their expectations.  

  • Document incidents, requests and problem management information to ensure required compliance standards/SLAs are achieved. 

  • Use security tools and resources to correlate suspicious events and provide context around them; determine root cause, provide regular updates, and recommend modifications to existing systems and procedures.

  • Perform deep-dive incident analysis across multiple data sources by analysing and investigating security-related logs against medium-term threats and indicators of compromise (IOCs).

  • Actively manage and apply the phases of incident response: preparation, identification, containment, eradication, recovery and lessons learned.

  • Execute vulnerability and web application assessments; provide analysis and recommendations to mitigate potential threats. 

  • Make moderately autonomous operational decisions on threats to QBE's systems, assets and business operations, and provide recommendations for mitigating controls and/or remediation.

  • Act as a point of reference to guide and advise others to ensure the sharing of knowledge and best practice throughout the team.  

Required Qualifications 

  • Education: Bachelor's Degree or higher in a security-related field, or substantial relevant experience.

  • Experience: 3-5 years of relevant security experience performing similar duties in a Security Operations Center.

Preferred Qualifications 

Security certifications in any of the following: GIAC/SANS (GCIH, GCIA, GPEN, GREM), ISC2 (CISSP, CCSP), ISACA, CEH, CREST, OSCP or equivalent.

Preferred Knowledge 

  • Advanced understanding of tools, techniques and procedures that modern attackers use to compromise organizations. 

  • Demonstrable understanding of various security frameworks and methodologies such as the OWASP Top 10, SANS Top 25, NIST incident response (SP 800-61), the CERT model, the Diamond Model, MITRE ATT&CK, and the Extended Cyber Kill Chain.

Preferred Competencies/Skills 

  • Advanced technical expertise in security solutions and technologies, including Windows, Linux, networking and security architecture; knowledge of packet flow and TCP/UDP traffic, firewall and proxy technologies, cloud solutions, anti-virus, and static and dynamic malware analysis techniques.

  • Expert in performing analytics across different log types, e.g. network, Active Directory, database, DNS, firewall, proxy, host-based security, cloud and application logs.

  • Working experience leading security incidents at all levels of incident response.

  • Working experience managing 2nd/3rd-level security events.

  • Ability to maintain strong relationships with global security operations colleagues and other departments, including network teams and incident managers.

  • Demonstrated ability to make decisions on remediation and countermeasures.

  • Ability to communicate effectively with, and provide updates to, senior stakeholders globally.

Required Education

  • Bachelor's Degree or equivalent combination of education and work experience


Required Experience

  • 5 years relevant experience


Preferred Licenses/Certifications

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Penetration Tester (GPEN)

  • GIAC Reverse Engineering Malware (GREM)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Cloud Security Professional (CCSP)

  • Council for Registered Ethical Security Testers (CREST)

  • Offensive Security Certified Professional (OSCP)

About QBE

We can never really predict what’s around the corner, but at QBE we’re asking the right questions to enable a more resilient future by helping those around us build strength and embrace change to their advantage.

We’re an international insurer that’s building momentum towards realizing our vision of becoming the most consistent and innovative risk partner.

And our people will be at the center of our success. We’re proud to work together, and encourage each other to enable resilience for our customers, our environment, our economies and our communities.

With more than 12,000 people working across 27 countries, we’re big enough to make a real impact, but small enough to provide a friendly workplace, where people are down-to-earth, passionate, and kind.

We believe this is our moment: What if it was yours too?

Your career at QBE — let’s make it happen!

https://www.linkedin.com/company/qbe-north-america/ 


US Only - Travel Frequency

  • Infrequent (approximately 1-4 trips annually)


US Only - Physical Demands

  • General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.


US Only - Disclaimer

  • To successfully perform this job, the individual must be able to perform each essential job responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential job responsibilities.


Job Type

  • Individual Contributor

Inclusion of Diversity

At QBE, we are deeply committed to fostering an inclusive workplace where each person is valued and respected for their authentic selves. If you require any assistance, such as alternative interview accommodations during the recruitment process, please do not hesitate to inform our Talent Acquisition team.

Compensation

Base pay offered will vary depending on, but not limited to, education, experience, skills, geographic location and business needs.

Annual Salary Range: $84,000 - $127,000

AL, AR, AZ, CO (Remote), DE, FL, GA, IA, ID, IL (Remote), IN, KS, KY, LA, ME, MI, MN, MO, MS, MT, NC, ND, NE, NH, NV, OH, OK, OR, PA, SC, SD, TN, TX (Remote, Plano), UT, VA, VT, WI, WV and WY
* * * * *

Annual Salary Range: $93,000 - $139,000

CA (Remote, Fresno, Irvine and Woodland), Greenwood Village CO, CT, Chicago IL, MA, MD, NY (Remote), RI, Houston TX and WA
* * * * *

Annual Salary Range: $105,000 - $159,000

NJ and New York City NY

Benefit Highlights

You are more than your work – and QBE is more than a workplace, which is why QBE provides you with the benefits, support and flexibility to help you concentrate on living your best life personally and professionally. Employees scheduled over 30 hours a week will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. 

We also offer a competitive 401(k) contribution and a paid-time off program. In addition, our paid-family and care-giver leaves are available to support our employees and their families. Regular full-time and part-time employees will also be eligible for QBE’s annual discretionary bonus plan based on business and individual performance. 

At QBE, we understand that exceptional employee benefits go beyond mere coverage and compensation. We recognize the importance of flexibility in the work environment to promote a healthy balance, and we are committed to facilitating personal and professional integration for our employees. That's why we offer the opportunity for hybrid work arrangements.

If this role necessitates a hybrid working model, candidates must be open to attending the office 8-12 days per month. This approach ensures a collaborative and supportive work environment where team members can come together to innovate and drive success.


Global Disclaimer

  • The duties listed in this job description do not limit the assignment of work. They are not to be construed as a complete list of the duties normally to be performed in the position or those occasionally assigned outside an employee’s normal duties. Our Group Code of Ethics and Conduct addresses the responsibilities we all have at QBE to our company, to each other and to our customers, suppliers, communities and governments. It provides clear guidance to help us to make good judgement calls.

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

Region: North America
Country: United States
