Senior Cyber Security Incident Response Team (CSIRT) Engineer

IHS Markit

(Englewood, Colorado)
Full Time
Job Posting Details
About IHS Markit
IHS Markit harnesses deep sources of information, analytics and expertise to forge solutions for the industries and markets that drive global economies. Our company partners with clients in business, finance and government to provide the unrivaled insights and perspectives that lead to well-informed, confident decisions.
Summary
Responds to escalated events from CSOC to develop and execute security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches advanced attempted or successful efforts to compromise systems security and designs countermeasures. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. As it relates to information systems, performs HR investigations and legal holds in a forensically sound manner. Consults with HR and legal subject matter experts to adhere to local country law.
Responsibilities
* Identify potential trends in network traffic; investigate potential issues and escalate as appropriate
* Use established procedures to identify potential security risks across company systems; make recommendations on and implement approved solutions based on best practice
* Monitor systems for potential intrusion attempts
* Implement security controls and enhancements as directed
* Monitor and collect information required by legal holds as directed
* Security auditing and penetration testing
* IT Security threat management

**Specific Job Duties**

* Specifies and supports security-specific technical controls (IPS, HIPS, WAFs, etc.)
* Administers and supports security-specific detection solutions and capabilities, both commercial and custom developed in-house
* Performs specific computer forensics investigations, analyzes results, takes immediate action where warranted, and communicates/recommends a remediation action plan
* Is involved with malware reverse engineering as required to further incident analysis and response
* May work with software development teams to review source code for security deficiencies
Ideal Candidate
* Bachelor’s in Computer Science, related field or equivalent experience
* 8-11 years of computer systems/network technical experience
* 3+ years in areas specifically related to cyber security
* One or more information security specific certifications (e.g. CISSP, CEH, GIAC, OSCP, etc.)
* Strong time management skills with the ability to work to tight deadlines and handle the pressure of last-minute requests with little to no supervision

**Knowledge & Skills Required**

* Understanding of CSOC process
* Knowledge of systems triage, containment and remediation
* Knowledge of digital forensics procedures and related tools (FTK, EnCase, etc.)
* Knowledge of live memory capture
* Experience with DevOps and SIEM tools (e.g. Chef, Puppet, Vagrant, Splunk, RSA SA, etc.)
* Strong scripting skills – Python, REST, JSON, etc.
* Risk-based vulnerability and threat assessment
* In-depth understanding of ports, protocols, and network traffic analysis as it relates to network security
* Experience using troubleshooting techniques including but not limited to network sniffers, syslog, and the Firewall capture command
* Understanding of information security principles as they relate to systems and network security
* Must be able to work effectively as part of a globally distributed team across multiple time zones
* Must be able to effectively communicate technical information to both technical and non-technical personnel

**Organizational Relationships**

* Reports to Sr. Manager IT Information Security
* Interacts with other employees at all levels in the conduct of day-to-day activities

**External Relationships**

* Develops relationships with professional organizations, peer groups and industry trade groups; participates in industry forums and user groups
* May be required to interact with external customers on current security posture of
Compensation and Working Conditions
Reports to Senior Manager IT Information Security
