Incident Response Senior Associate

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive.
• Comprehensive health and life insurance and well-being benefits, based on location.
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:

Being  a member of the Cyber Monitoring & Incident Response Team at DTCC, you directly contribute to the security and stability of the global financial system. The mission of the CMIRT is to protect the organization from external cyber threats and to respond to and manage cyber incidents. Through multiple teams located in different geographic locations, the team performs round-the-clock monitoring and leads cyber incident response, digital forensics, and eDiscovery functions. As a critical component of the risk organization, the team's performance and initiatives are scrutinized directly by the Executive Committee, Board of Directors, and numerous industry regulators. As a result of our critical mission, our team must maintain the highest standards of performance and ethical behavior. 

Principles that apply to every member of the CMIRT:

• Have Integrity - Tell the truth, protect the secrets that we are trusted with, and honor your commitments. 
• Be Present – Commit to the team by showing up on time and being prepared. 
• Communicate – Communicate regularly and be proactive. 
• Take Ownership – Regardless of title or position, own the outcome of the mission.
• Always Be Learning – Cyber security is not static, and neither is the CMIRT. 
• Make Honest Mistakes – Mistakes will be made. Own them and learn from them.

Your Primary Responsibilities:

Reporting to the CMIRT Regional Manager and working with technical leads and other associates, you are responsible for detecting, investigating, and responding to cyber security events in the organization as well as handling technical projects. You are a member of the Cyber Monitor Incident Response Team (CMIRT) and as a result may be tasked with responding to cyber incidents outside of normal work hours.

Expectations for the Incident Response Senior Associate:

• Monitor, Detect, Analyze, research, and respond to cyber security events including Network events, OS Log events and forensic information. 
• Demonstrate strong grasp of forensic interpretation of data. 
• Perform eDiscovery and other technical tasks. 
• Independently lead investigations and small projects. 
• Act as Incident Commander on minor (P3-P4) incidents. 
• Train and mentor junior staff members. 
• Collaborate with stakeholders from other business units to conduct investigations, review plans and procedures, and respond to cyber incidents. 
• Participate in training, exercises, and process improvement program. 
• Occasionally travel to conferences, training, and other DTCC offices (up to 10%). 
• Participate in on-call rotation and occasional after-hours work. 

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

• At least four (4) years previous experience as a SOC analyst or similar role.
• Bachelor's degree preferred or equivalent experience.

Talents Needed for Success:

• Demonstrate the ability to research and mentor team members on interpreting on OS log files, network logs, flow data, packets and other security data.
• Knowledge on end to end Incident response process. 
• Demonstrate the ability to produce written reports including detailed analysis and recommendations. 
• Demonstrate the ability to convey complex technical concepts to both technical and non-technical audiences. 
• Knowledge on at-least one scripting language is advantageous.
• Be a subject matter expert in a particular technology or security domain as well as have hands-on experience and knowledge of security tools such as SIEM, EDR, IDS, NDR.
• Knowledge in DFIR best practices and Cloud security. 
• Intermediate to advanced level of Malware analysis skills in both sandbox and manual methods.
• Demonstrate the ability to take minimal high-level requirements and independently produce and execute an action plan to accomplish tasks. 
• Demonstrate the ability to independently prioritize and manage multiple tasks. 
• Demonstrate a strong desire to achieve and contribute to a high-performing team.