
Symantec - Lead Incident Responder - Reading/London


Posted: Mon May 15, 2017 9:48 am

Symantec is the global leader in information security. The Cyber Readiness & Response organization is a critical component of Symantec’s Managed Security Services and Intelligence offerings that helps clients predict, prepare, detect, and respond to modern threats by increasingly sophisticated attack actors.

As part of this organization, the Incident Response Team is chartered to work collaboratively with customer and partner teams to provide rapid proactive and reactive threat response, investigations, and breach response for Symantec’s customers. As Investigator, you will work collaboratively with Symantec and partner teams to find and eradicate threats to customer environments. You will gain exposure to some of the largest and most complex environments around, as well as some of the most highly targeted, advanced attacks out there.

• Be a primary first responder for incidents for Symantec customers
• Collect and process the evidence needed to conduct highly-confidential investigations for Symantec customers
• Contribute to client reports on relevant findings
• Participate in the improvement and development of methodologies, process/procedure manuals and documentation

Required Technical Skills
• Expert understanding of network protocols, TCP/IP fundamentals
• Expert understanding of operating systems (Windows, Linux or OS X, iOS/Android)
• Expert understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark) OR expert in one or more of the following:
• Knowledge of Malware Triage and Reverse Engineering
• Knowledge of network based services and client/server applications
• Knowledge of enterprise systems and infrastructure
• Expert understanding of network architecture and security infrastructure placement
• Familiarity with security tools such as Anti-Virus, Anti-Spam/Email security systems and Data Loss Prevention Tools; Symantec tools a plus.
• Expert understanding of computer/network forensics tools (e.g. Encase, NetWitness)
• Expert understanding of legal/regulatory aspects of Incident Response processes and methodologies
• Background performing computer security incident response and digital forensics

Other Required Skills
• Ability to successfully interface with Symantec partners and clients at both technical and executive levels
• Ability to document and explain technical details clearly and concisely
• Solid attention to detail
• Strong written and communication skills
• Ability to present a professional appearance and demeanor during a crisis and in high stress situations

• 4 year college degree in computer science or related field is desired
• Industry certification in multiple operating systems and/or network technologies
• Minimum 7 years experience in an information security discipline
• SANS GIAC Certified Incident Handler (GCIH) or GIAC Certified Forensic Examiner (GCFE) certification and certification on one or more computer/network forensics solutions is desired

Additional Desired Skills
• Government security clearances highly desired
• Experience in working with global systems integrators and partner ecosystems
• Experience with programming/scripting languages
• Background in operational information security disciplines (e.g. incident response, security infrastructure management or monitoring services)
• Experience in config/mgmt of feeds into event aggregation and correlation systems (e.g., Splunk, ArcSight)
• Awareness of or experience with competitor Incident Response services or technology

To apply please contact Martin_OConnor @ Symantec.com directly.  

