
Security Incident Handler
3 days ago
DXC Technology (NYSE:DXC) - where brilliant people embrace change and seize opportunities to advance their careers and amplify customer success.
At DXC we pride ourselves on delivering excellence in everything we do. What this means for you is the opportunity to be a part of delivering innovative solutions and helping to solve real business problems for a wide variety of valued clients.
**What you will be doing**
In this role, the Security Incident Handler reviews alerts received into the SIEM platform or other security tools. This involves investigating alerts escalated by Tier 1 and Tier 2 staff that require more detailed investigation before an incident is declared or escalated outside the Security Monitoring team.
**Responsibilities**:
- Perform detailed investigations into security alerts escalated from the Security Monitoring team
- Conduct thorough analysis of escalated security incidents, including threat extent, timeline analysis, and potential business impact
- Advise clients on containment, eradication, and recovery strategies for security incidents
- Write post-incident review reports for high-priority incidents
- Update tickets to adhere to documented standards, ensuring clean handovers
- Monitor components of the Security Monitoring service for operational issues and escalate as required
- Investigate and respond to frequently occurring or common security alerts
- Develop use cases for detecting security incidents, adhering to the MITRE ATT&CK Framework
- Conduct fine-tuning activities with clients and implement improvements
- Conduct tabletop exercises with clients on incident response
- Develop processes, procedures, and runbooks for security alerts
**Skills & Qualifications**:
- 3+ years' experience as a Security Analyst or in a Cyber Security Operations Centre
- 3+ years' experience working with standard operating systems (Windows, Unix)
- Hands-on experience with one or more SIEM systems (ArcSight, Splunk, Sentinel, SumoLogic)
- Hands-on experience with EDR/XDR products such as MS Defender, CrowdStrike, SentinelOne, etc.
- Demonstrated security knowledge of Windows/Linux/Unix platforms and networking protocols
- Strong understanding of TCP/IP and networking concepts (OSI Model)
- Experience assisting the development and maintenance of tools, procedures, and documentation
- Experience reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs)
- Experience qualifying and documenting indicators of compromise (IOCs)
- Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management
- Demonstrated understanding of the MITRE ATT&CK framework
- Knowledge of IT security controls (Network IPS, Vulnerability Scanning, Endpoint Protection, Firewalls, Cloud Access Security Brokers)
- Diploma/Certificate/Degree in Information Technology (Security preferred)
- Relevant industry certifications such as CEH, GCIH, Security+, Network+, MCSP, CCNA
- Cloud services (Amazon Web Services, Azure, Google Cloud) (Desirable)
- Forensic experience with computer systems (Desirable)
**Our culture & benefits**
DXC is committed to building better futures for our customers, colleagues, environment, and communities. We take care of each other and foster a culture of inclusion, belonging and corporate citizenship. We put this into action by developing and implementing societal initiatives within our Social Impact Practice. #WeAreDXC
As an employer of choice, our “people first” philosophy means we offer competitive remuneration, benefits, training and career opportunities that reflect our commitment to improving the lives of our employees, and the communities in which we live and work.
In return, we agree to ensure a hiring process that is enjoyable, thorough, and fair. We strive to provide an environment that lets you thrive and show off the very best version of yourself, while learning about us at the same time.
Interviews and onboarding are conducted online, as part of us being a virtual-first company.
**We are an Equal Opportunity Employer**
DXC is proud to be an equal opportunity employer and we welcome submissions from people from all walks of life. We celebrate our diversity and recognise it is the unique contributions of our people that give us our edge.
-
Cyber Security Incident Responder
8 hours ago
Canberra, ACT, Australia | beBeeSecurity | Full time | $98,500 - $120,303
Incident Response Professional
Job Description: The role of an Incident Response Specialist involves leading the investigation and containment of cyber security incidents across a range of system and technology types. This includes monitoring SIEM platforms for security concerns, providing tuning based on system performance, and developing new detection content...
-
Cyber Security Incident Investigator
6 days ago
Canberra, ACT, Australia | beBeeInvestigator | Full time | $120,000 - $150,000
Incident Response Specialist
This role is an opportunity to join a team that specializes in the response and investigation of cyber security incidents. The successful candidate will be responsible for leading the investigation of cyber-attacks against our customers as part of the global Incident Response team, with a particular focus on Australia-based...
-
Security Incident Management Analyst
2 weeks ago
Canberra, Australia | Onpoint 365 | Full time
Competitive hourly rates - Flexible working arrangements - 12 month contract - possible 12 month extension
**Security Incident Management Analysts**
**Location**: Canberra, ACT
**Work terms**: Initial 12-month contract with possible 12-month extension. Must be in office a minimum of 3 days; can WFH 2 days a week.
**Department**: Department of Health and...
-
Canberra, Australia | HiTech Personnel | Full time
**Reference #**: JF/DS0048
**Title**: Protective Security Incident Management Analyst - Federal Govt
**Category**: ICT
**Location**: ACT
**Work Type**: Contract
**Remuneration**: $Neg
**Term**: 12 Months Plus 12 Mo
**Description**: Leading Federal Government Department - 12-month contract + extension! Rewarding rates and work from home...
-
Protective Security Incident Management Analyst
2 weeks ago
Canberra, Australia | Etainsolutions | Full time
**Location**: Canberra (hybrid)
Open To: **Must have Baseline Security Clearance**
Protective Security Incident Management Analysts. The role is within Protective Security Operations; you will be working with key stakeholders internally and externally to the department. You will be responsible for the day-to-day management of security arrangements...
-
Canberra, Australia | Halcyon Knights | Full time
**Protective Security Incident Management Analyst** - 12 + 12 month contract - Woden location - Current Baseline (or higher) Security Clearance required
The role requires an experienced security incident manager (excluding cyber incidents) to review the...
-
Cyber Security Incident Lead
2 weeks ago
Canberra, ACT, Australia | IT Alliance Australia | Full time
One of our Federal Government clients is looking for a Cyber Security Incident Lead in Canberra. We are seeking candidates with the following Skills/Experience:
- Develop use cases, identify, and build new use cases (detections, alerts, etc.) into the department's SIEM technologies.
- Identify, analyze, and resolve information and cyber security incidents.
- Create,...
-
Protective Security Incident Management Analyst
2 weeks ago
Canberra, Australia | Infinite Talent Group | Full time
**Location of work**: ACT
**Length of contract**: 12 Months
**Contract extensions**: 12 Months
**Security clearance**: Must have Baseline
The role is within the Protective Security Operations Section (PSOS) and will work with key stakeholders internally and externally to the department. PSOS are responsible for the day-to-day management of security...
-
Cyber Security Incident Lead
4 days ago
Canberra, ACT, Australia | IT Alliance Australia | Full time
One of our Federal Government clients is looking for a Cyber Security Incident Lead in Canberra. We are seeking candidates with the following Skills/Experience:
- Develop use cases, identify, and build new use cases (detections, alerts, etc.) into the department's SIEM technologies.
- Identify, analyze, and resolve information and cyber security incidents.
- Create,...
-
Canberra, Australia | Chandler Macleod | Full time
As one of Australia's largest providers of human resources solutions, Chandler Macleod has a proven track record of unleashing potential in people and companies. For over 40 years Chandler Macleod's recruitment business has connected leading-edge projects and employers with outstanding business professionals. Our Federal Government client is seeking...