CSIRT Cyber Threat Responder

Company

Fiserv, Inc.

Address: Berkeley Heights, NJ
Employment type FULL_TIME
Salary
Expires 2023-07-23
Posted 11 months ago
Job Description

What does a successful CSIRT Cyber Threat Responder do at Fiserv?

As a member of Fiserv’s Cyber Security Incident Response Team (CSIRT), the Cyber Threat Responder will coordinate the response activities for suspected and confirmed cyber security incidents across the Global Fiserv environment. The successful candidate will be the main point of contact in managing the full incident response lifecycle, focusing on rapid containment, executing in-depth investigation and analysis, tracking eradication, and driving lessons learned and after-actions associated with Cyber Security Incidents.

The Cyber Threat Responder is the escalation point for Cyber Threat Analysts (T1). The successful candidate will provide timely response and identification of possible attacks, intrusions, anomalous activities, and misuse activities, and will distinguish incidents and events from benign activities. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and will be responsible for rapid handling and mitigation of cyber security incidents.

What you will do:

  • Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application and system logs, to identify possible threats to information security.
  • Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Assist in the construction of signatures, which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Collaborate with Tier 1 Cyber Threat Analysts to improve prevention/detection methods, procedures, and workflows.
  • Understand CSIRT functions and participate in analysis, containment, and eradication of cyber security events and incidents.
  • Perform remote and onsite live response activities, including analysis of malware, suspicious files/email messages, volatile system data, or network traffic patterns and artifacts.

What you will need to have:

  • Knowledge of network protocols, enterprise architecture, cloud architecture, and common network logging functions.
  • This position requires that the candidate be a US Citizen or a permanent resident. The candidate should be able to travel domestically and/or internationally in support of the investigative response mission.
  • Preferred experience with basic penetration testing or offensive security techniques.
  • Bachelor’s degree in a technology field preferred, or relevant experience and/or industry certification.
  • 3-6 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments.
  • Interest in the cyber security field including specific focus on the following domains: enterprise security defense, network and application penetration testing, vulnerability testing, and incident response.
  • In-depth experience with log analysis, malware analysis, forensic analysis.
  • Hands-on experience with security tools such as CrowdStrike, Chronicle, Splunk, and network forensic and packet capture tools.

What would be great to have:

  • Scripting and programming skills are desirable.
  • Experience working as part of a SOC or CSIRT team is desirable.
  • Industry certifications such as GCIH, GREM, GCFA, GCFE, CISSP, CEH, CISA, Security+ are desirable.

Perks at work:

  • Join Employee Resource Groups that promote our diverse and inclusive culture where associates can share perspectives, exchange ideas, and elevate careers.
  • Advance your career with training, development, certification, and internal mobility opportunities.
  • Prioritize your health with a variety of medical, dental, vision, life, and disability insurance options and a range of well-being resources through our Fuel Your Life program.
  • Plan for your future with competitive salaries, the Fiserv 401(k) Savings Plan, and our Employee Stock Purchase Plan.
  • Maintain a healthy work-life balance with paid holidays, generous time off policies, including Unlimited Recharge & Refuel for qualifying associates, and free counseling through our EAP.
  • We’re #FISVProud of our commitment to your overall well-being with a growing offering of physical, mental, emotional, and financial benefits from day one.
  • Recognize and be recognized by colleagues with our Living Proof program where you can exchange points for a variety of rewards.

Important info about this role:

  • This is a full-time, direct-hire role, meaning no C2C, C2H, or remote options are available.
  • We’re better together. This role is fully on-site for the first 90 days and on-site Monday through Thursday after that.
  • In order to be considered, you must be legally authorized to work in the U.S. without need for visa sponsorship, now or in the future, as it will not be provided for this role.

What you should know about us:

Fiserv is a global fintech leader with 40,000-plus (and growing) associates proudly serving clients in more than 100 countries. As a FORTUNE™ 500 company, one of Fast Company’s Most Innovative Companies, and a top scorer on Bloomberg’s Gender-Equality Index, we are committed to excellence and purposeful innovation.

More about life at Fiserv and joining our team:

Find out more about us and how you can take the next step at careers.fiserv.com. Whenever you're ready for a change, we're ready to help.
