CMS - Manager - Incident Response

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

The opportunity

In your role at EY, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses, and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.

Your key responsibilities

The Security Operations Center (SOC) IR Manager leads and handles complex and high-priority incidents.  multiple Security technologies and produce enhancements that allow SOC team members to work collaboratively and efficiently while responding to threats. The individual in this role will work as part of a cybersecurity operations team responsible for carrying out 24x7 Incident detection and response.

• Lead the response to high-severity incidents, coordinating with other teams as necessary.
• Gather and preserve evidence, perform data collection, conduct a structured analysis of forensic data and present the findings to stakeholders.
• Work closely with other IT and security teams to address security incidents.
• Conduct thorough investigations to determine the root cause of incidents.
• Analyze and interpret packet captures using network protocol analyzers such as Wireshark and TCPdump.
• Perform endpoint analysis, live response, and memory collection and analysis.
• Proactively search for threats and vulnerabilities within the environment.
• Stay updated on the latest security trends, threats, and technologies.
• Analyze threat intelligence to identify potential risks.
• Formulate response and recovery steps for security incidents.
• Review and improve incident response processes and playbooks.
• Document incidents, response actions, and lessons learned for future reference.
• Prepare detailed incident reports and executive summaries for management and stakeholders.
• Lead and manage incident response calls.
• Lead post-incident reviews to assess the effectiveness of the response and identify areas for improvement.
• Provide guidance and mentorship to incident responders.

To qualify for the role, you must have

• Experience with digital forensics tools and techniques to investigate incidents.
• Proficient in utilizing SIEM solutions such as Splunk, Microsoft Sentinel, LogScale, Google Chronicle, IBM QRadar, or equivalent tools for effective incident response and analysis.
• Experienced in leveraging EDR/XDR solutions like CrowdStrike, Microsoft Defender, SentinelOne, Cortex XSIAM, Carbon Black, or similar platforms
• Understanding of security principles, techniques, and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10
• In-depth knowledge of network protocols, operating systems, and security technologies.
• Proficiency in incident detection and response tools
• Familiarity with malware analysis and reverse engineering.
• Proficiency in scripting languages (e.g., Python, PowerShell) for automating tasks and processes.
• Ideal candidate will have 8+ years of security related experience in areas such Security Operations, Incident Response, and Forensic Investigation.
• Analytical mindset & has the aptitude to learn on the fly.
• Strong problem-solving abilities to analyze complex incidents.
• Excellent verbal and written communication skills.

Ideally, you’ll also have

• Bachelor’s Degree relevant to Information Technology
• Related Certification such as CEH, CHFI, Sec+, ITILv3, GCFA, ECIH, GCIH, CySA+, etc

What working at EY offers

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.