
Cyber Security Incident Response and Engineering Team Lead

Closing Date: 12/08/2025
Location: Dublin Hybrid
Reference #: 1965

Role Title:

Cyber Security Incident Response and Engineering Team Lead

Business Area:

Security Services

About This Role:

The eir evo Security Team is responsible for protecting and monitoring our clients' organisations. We provide 24x7x365 capabilities to protect, detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. This is a significant, established team supporting a range of enterprise client organisations.

The Security Operations Team then works closely with our clients and our Network Operations Team to ensure security issues are addressed quickly and effectively upon discovery.

Eir evo is looking for a senior Cyber Security Incident Response and Engineering Team Lead with knowledge and experience of responding to cyber incidents to join its team based in Dublin. This is a great opportunity to join a mature but still growing security team.

Expectations From The Role:

Develop an incident management framework and engage key players to educate and train them on the execution of the framework to resolve active incidents.

Plan, organise, and lead regular incident response tabletop exercises and simulations to test the effectiveness of playbooks and identify areas for improvement.

Take command and control of high-severity security incidents, coordinating response efforts across cross-functional teams (IT operations, legal, HR, communications, business units) and BU stakeholders (law enforcement, third-party vendors, forensic experts).

Work with the detection and monitoring team to develop a process for triaging notable events and identifying and prioritising potential incidents.

Host post-incident review meetings that focus on root cause analysis and transition findings to control owners / Risk Management as appropriate.

Drive incident analysis: conduct host forensics, network forensics, log analysis and malware triage, and apply working knowledge of the relevant tooling in support of incident response investigations to determine root cause.

Oversee forensic investigations and incident response activities such as analysis, reporting, scanning and troubleshooting.

Conduct performance reviews and support professional development.

Drive continuous improvement of the technology stack, identifying threats and vulnerabilities.

Follow the chain of custody process, reporting, and tracking of digital evidence.

Oversee design, implementation, and optimisation of SIEM, EDR/XDR, M365 and SOAR platforms.

Ensure proper integration and maintenance of security tools and drive automation of security tasks and processes.

Contribute to the development of security architecture and engineering initiatives to enhance overall security posture.

Ensure compliance with regulatory requirements (e.g., NIST, ISO 27001).


Requirements For A Successful Application:

5+ years' experience in a similar role

Good working knowledge of SIEM, SOAR, Firewalls, WAF and Proxy

Hands-on experience with SIEM (Splunk, Elastic, Sentinel), EDR/XDR, vulnerability management.

Experience with vulnerability tools and threat management, data loss prevention, and dark web monitoring.

Relevant certifications, e.g. GCFA, GCFE, GCIH

Additional cyber security certifications beneficial


Is this you?

Passionate and professional security mindset

Ability to communicate effectively with all levels of an organization from Engineering/Operations to CIO/CISO audiences

5+ years of experience in the information security field

3+ years of experience in SIEM deployment

Experience in a technical customer service/technical support environment that adheres to service level agreements (SLAs)

Strong understanding of SIEM and UEBA

Good understanding of MITRE ATT&CK matrices, kill chains and other attack models.

Strong knowledge of scripting languages such as Python and PowerShell.

Working knowledge of cloud technologies, Windows infrastructure and networking.

Experience integrating endpoint security and host-based intrusion detection solutions

Education: Bachelor's degree or equivalent, preferably

Fluent English

Experience in an MSSP environment or performing similar duties.

Experience with deploying, maintaining, or using one or more of the following Security Solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security


Others:

eir reserves the right to conduct appropriate suitability checks in relation to prospective employees including but not limited to reference checking and/or other searches using publicly available information.

We are committed to creating an inclusive and supportive work environment. If you require any reasonable adjustments during the application or interview process, please let us know, and we will work with you to meet your needs.

#eirforall