The mission of the Senior Information Security Engineer Incident Response is to lead preparation and response to Cyber Security Incidents.
The Senior Information Security Engineer Incident Response, is part of PMI’s global CSIRT team and is involved in the management and investigation of Security Incidents that are related, but not limited to, Operational data, Intellectual property, Employee Information and Customer/Partner data.
The Sr. Infosec Engineer's primary role is to manage the reported incidents in the investigation process. Understanding of the breach vectors and the exposure, while leading the creation and execution of remediation plans for different levels of incident severity, and by cross-functional partnerships with IT and business stakeholders and other members of the Infosec Team. This role will also ensure a timely closure of the incident and provide an end to end root cause analysis with supporting documentation.
Your “day to day”
- Lead Incident Response activities following the Cyber Incident Management process (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned). Assembling and driving cross-functional Incident Response teams as needed.
- Build and develop close working relationship with other PMI teams involved in Incident Response, Crisis Management, and Continuity management (e.g. Legal, Crisis Mgt, Privacy, Markets, other IT and InfoSec teams).
- Develop, maintain, and train other PMI teams on comprehensive incident response activities and plans; Run incident tabletop exercises with relevant stakeholders on regular basis.
- Collaborate with the Cyber Threat Intelligence team to evolve team towards Threat Intel. Driven Incident Response.
- Participate in the continuous improvement of procedures and playbooks to optimize analysis and response activities and cover new use cases, in collaboration with our SOC and Threat Defense Operations teams.
What we offer
Our success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:
- Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore
- Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
- Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
- Take pride in delivering our promise to society: to improve the lives of a billion smokers
Who we're looking for?
Who we’re looking for
- 2+ years previous experience in an incident response team in a senior role
- Experience assembling and leading incident response teams/taskforces (plan, brief, execute, debrief)
- Experience analyzing breach vectors while leading creation and execution of containment, eradication & recovery plans
- Experience writing incident reports and present them to leadership at different levels
- Advanced understanding of Information Systems (e.g. SysAdmin level)
- Advanced understanding of IaaS and SaaS solutions (e.g. AWS, Azure, Salesforce…)
- Hands-on experience of Security tools (e.g. SIEM, DFIR tools, scripting…)
- Ability to Observe, Orient, Decide, Act under challenging conditions
- Ability to work in an "on call" status as necessary
- Ability to communicate to a technical and non-technical audience
- Interest to develop a culture of trust and growth-mindset within our team
- Healthcare package
- Cold beverages
- Hot beverages