Computer Security Incident Response (CSIRT) Specialist

  • Competitive
  • Alpharetta, GA, United States
  • Permanent, Full-time
  • New York Life Insurance Company
  • Nov. 20, 2017

New York Life Insurance Company ("New York Life" or "the company") is the largest mutual life insurance company in the United States*. Founded in 1845, New York Life is headquartered in New York City, maintains offices in all fifty states, and owns Seguros Monterrey New York Life in Mexico.

New York Life is one of the most financially strong and highly capitalized insurers in the business. The company reported 2016 operating earnings of $1.954 billion. Total assets under management at year end 2016, with affiliates, totaled $538 billion. As of year-end 2016, New York Life's surplus was $23.336 billion**. New York Life holds the highest possible financial strength ratings currently awarded to any life insurer from all four of the major ratings agencies: A.M. Best, A++; Fitch AAA; Moody's Aaa; Standard & Poor's AA+. (Source: Individual Third Party Ratings Report as of 8/17/16).

Financial strength, integrity and humanity, the values upon which New York Life was founded, have guided the company's decisions and actions for over 170 years.

The Incident Response Specialist is a key function of the Computer Security Incident Response Team (CSIRT) reporting to the CSIRT Manager. The CSIRT Specialist will utilize their background in regulatory and governance frameworks, technology and incident response procedures to act as a subject matter expert in Cybersecurity Incident Response.

The Specialist will leverage subject matter expertise to perform ad-hoc current state maturity assessments, working with team members and enterprise stakeholders in the development and maintenance of the organization's Cyber Incident Response Program including program documentation, execution and maintenance of processes, implementation and use of technologies to create efficiencies within existing capabilities.
The Specialist will have knowledge of current attack methodology including but not limited to threat actor tactics, techniques and procedures (TTPs). The Specialist shall leverage this knowledge in the context of the organization and any incident to estimate the business impact, assigning priority and severity as appropriate.

This role requires a demonstrated capability of effectively communicating incident identification, analysis and response updates to technical and non-technical audiences including senior management, business partners, and technologists.

The Specialist will be adept in incident and crisis management, able to assert authority and calm in stressful situations, leveraging established and ad-hoc processes to guide response efforts in alignment with industry best practices, regulatory compliance and legal obligations.
The Specialist will be a self-starter, able to own complex initiatives and execute on tactical objectives, in alignment with organizational strategy, with a minimum of supervision and guidance. The highest levels of professionalism, integrity and accountability are required for this role.

Education:

  • Bachelor's degree; BS or MA in Computer Science, Information Security, or a related field
  • Minimum experience 5-7 years
  • 5+ years of experience in an incident response role
  • 3+ years of experience with regulatory compliance and information security management frameworks desired (e.g., ISO 27000, COBIT, NIST Cyber Security Framework, NIST 800-61 r.2, NIST 800-83, etc.)
  • One or more industry-specific certifications preferred:
    • Certified Information Systems Security Professional (CISSP)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Intrusion Analyst (GCIA)
    • ISACA Certified Information Security Manager (CISM)
    • ISACA Certified in Risk and Information System Controls (CRISC)

  • Digital forensic or cyber threat intelligence experience a plus
  • Military, law enforcement, emergency management / incident management experience a plus.

Technical Expertise:
  • Ability to consume and synthesize threat intelligence and emerging threats to the business
  • Understanding of attacker methodology
  • Knowledge of and an active interest in: information security; cyber-crime; electronic fraud and information security trends
  • Knowledge of IT end-to-end problem management and root cause analysis
  • An ability to perform independent analysis of complex problems, identify root causes and propose solutions

Business Knowledge:
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Proficiency in working in a fast-paced, complex, dynamic, multicultural business environment
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to work extremely well under pressure while maintaining a professional image and approach
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders

Leadership:
  • Proficiency in process formulation and improvement
  • Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources
  • Excellent leadership and communication skills
  • Proficiency in working in a fast-paced, complex, dynamic, multicultural business environment
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to work extremely well under pressure while maintaining a professional image and approach
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders
  • Self-motivated, able to take ownership of assigned tasks and see them through to a positive outcome
  • Works independently with guidance in only the most complex situations

Problem Solving:
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Proficiency in process formulation and improvement
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
  • Strong analytical and problem-solving skills
  • Proficiency in working in a fast-paced, complex, dynamic, multicultural business environment
  • Knowledge of IT end-to-end problem management and root cause analysis
  • An ability to perform independent analysis of complex problems and distill relevant findings and root cause

Decision Making:
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Proficiency in process formulation and improvement
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
  • Understanding of IT Service & Delivery Management
  • Strong analytical and problem-solving skills
  • Knowledge of IT end-to-end problem management and root cause analysis
  • An ability to perform independent analysis of complex problems and distill relevant findings and root causes

Communication Skills:
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • Strong communication skills with a proven ability to understand key concepts and communicate with technical staff and senior management
  • The ability to present a command presence, as a subject matter expert, during times of crisis to manage conversation and communication regarding cyber security incidents
  • A dedication to thoroughness, accuracy and completeness in communications, both written and verbal
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to work extremely well under pressure while maintaining a professional image and approach
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders

Major Responsibilities:
  • Performs incident analysis to identify and classify cyber security incidents
  • Responds to computer security incidents according to established response processes, and leverages subject matter expertise where established processes do not exist
  • Acts as a subject matter expert regarding CSIRT incident response processes
  • Provides guidance to other stakeholders during the incident response process
  • Provides timely and relevant updates to appropriate stakeholders and decision makers
  • Validates and maintains incident response plans and processes
  • Compiles and analyzes data for management reporting and metrics
  • Analyzes potential impact of new threats and communicates risks via appropriate channels
  • Stays up to date on current attack trends through independent research
  • Provides advice and guidance to the business regarding CSIRT best practices
EOE M/F/D/V

* Based on revenue as reported by "Fortune 500, ranked within Industries, Insurance: Life, Health (Mutual)," Fortune Magazine, June 17, 2016. See http://fortune.com/fortune500/ for methodology.
** Total surplus, which includes the Asset Valuation Reserve, is one of the key indicators of the company's long-term financial strength and stability and is presented on a consolidated basis of the company.

1. Operating earnings is the key measure used by management to track the Company's profitability from ongoing operations and the underlying profitability of the business. This indicator is based on generally accepted accounting principles in the US (GAAP), with certain adjustments the Company believes to be appropriate as a measurement approach (non-GAAP), primarily the removal of gains or losses on investments and related adjustments.

2. Assets under management represent consolidated domestic and international insurance company statutory assets (cash and invested assets and separate account assets) and third-party assets principally managed by New York Life Investment Management Holdings LLC, a wholly owned subsidiary of New York Life Insurance Company.