Cyber Security Incident Response Specialist

Job description

SMBC Group is a top-tier global financial group.

Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance.

The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.

Sumitomo Mitsui Financial Group, Inc.

(SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan.

SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.



In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru.

Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients.

It connects a diverse client base to local markets and the organization’s extensive global network.

The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp.

(SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.



+ This is a hybrid role, requiring the successful candidate to attend our Tralee office.



**Role Description**



As a Cyber Incident Response Analyst, you will be a key part of a high performing SOC team, with a desire to continually improve and advance our capabilities to protect SMBC Group.

You will bring your passion for Cybersecurity to a team of like-minded professionals and leverage this passion to ensure our monitoring and response capabilities are effective and efficient and that we keep pace with a rapidly changing threat landscape.



You will relish your core role in supporting the monitoring and response of cyber security alerts and incidents by digging into and investigating them to find the root cause and identifying the gap in controls that allowed a threat to reach that point in the kill chain.

If you identify an incident, you will lead that technical analysis, tracking down the actions of that threat actor as part of the incident response, while supported by the wider Incident response process and members of the SOC and CSIRT teams.

If you identify a false positive, you will drive the effort to tune or refine our detections, or to drive improvements to our preventative controls to prevent a recurrence, freeing more time for the SOC to focus on improving our skills and capabilities.

With your knowledge and expertise, you will develop and hone the SOC through work-product review, mentoring, and ownership of projects to develop the technical capabilities of the SOC.



As part of a wider team of SOC analysts, you are able to focus on an area you are passionate about, or if sufficiently experienced, take the lead.

You will develop deep expertise and expand our capabilities in domains ranging from across Purple Teaming, Threat hunting, Digital Forensics and Incident Response (DFIR), Security Automation, Detection Engineering and Threat Intelligence and share this knowledge to develop the depth of knowledge of the SOC.

As part of a Financial Group with offices and data centers across the Globe, you will have access and exposure to leading technologies and tools.

If there is a gap in our toolset, you can help us identify and bridge that gap by acting as Subject Matter Expert to do so.

You will bring fresh ideas, challenge the status quo, and seek always to answer - how can we improve?



This role is best suited for candidates who enjoy and have experience within SOC or CSIRT teams and enjoy investigating and finding the root of an issue or incident and working on getting the most from leading edge security toolsets and platforms and processes.

Candidates who excel will think critically to find ways to resolve security challenges.

This role would suit an experienced and self-motivated cyber security professional with strong technical skills and knowledge combined with a passion for cyber security.



Note: Expectation is to be onsite once a month for this role.



**Role Objectives**



•Act as technical lead in the development and enhancement of capabilities such as Cyber Monitoring & Response/Purple Teaming/Threat Hunting/Digital Forensics/Incident Response

•Act as an escalation point for the analysis of security alerts or technical response to security events and incidents

•Review and guide the SOC personnel for well-written, complete, and thorough analysis

•Mentor and guide more junior SOC personnel sharing your knowledge and expertise.

•Develop and improve monitoring & response playbooks.

•Conduct proactive threat hunting and DFIR activities.

•Develop deep expertise in our monitoring systems and technology to act as an SME in working with our detection engineering and automation teams to enhance our abilities to prevent, detect & respond.

•Identify and test new adversary TTPs and our ability to detect and respond to them.

•Identify opportunities for efficiency, work hand in hand with Security Automation team to automate and improve our response processes.

•Assist in the implementation and ongoing support of security systems, acting as an SME for SOC related projects.

•Execute tasks or support projects to enhance team’s capabilities.

•Assist in defining SOC requirements for information technology projects.

•Act as a role model and set the standard for technical analysis within the SOC.

•Providing strong mentorship and guidance to more junior SOC team members by acting and leading by example.

Bring a positive outlook and seek to motivate and inspire your fellow team members.

•Demonstrate comprehensive understanding of cyber security best practices, risk vectors, mitigation techniques and protection software.

Display knowledge of network security concepts and tools such as firewalls, proxy servers, email security and suspicious traffic flows.

Exhibit analytical ability to lead incident response and mitigation efforts as well as identify key areas for improvement from post-incident analysis.

Show ability to convey cyber security polices and concepts to employees and lead training efforts to ensure all employees follow recommended best practices relating to cyber security.

•Strong understanding of MITRE ATT&CK Cyber Kill Chain and similar frameworks.

•Strong knowledge of security controls related to the detection, analysis, and response (SIEM, EDR, NDR, XDR, UEBA).

•Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies.



**Qualifications and Skills**



•5+ years of experience in cyber security experience required, ideally in a SOC, DFIR, or CSIRT role.

•Strong verbal and written communication skills with experience in documenting their work to a high level.

•Professional Certifications an advantage but not essential if have requisite role knowledge, GCIH, GNFA, GFCA, Certified Ethical Hacker (CEH), OSCP, CISSP or similar certifications a plus.

•Must be self-directed with the ability to work independently.

•Ability to multi-task and remain productive in a service-driven and results oriented environment.

•Demonstrated strong organizational, analytical, and problem-solving skills.



**Additional Requirements**



SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office.

SMBC requires that employees live within a reasonable commuting distance of their office location.

Prospective candidates will learn more about their specific hybrid work schedule during their interview process.



SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law.

If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.

EOE, including Disability/veterans

Required Skill Profession

Other General