The Incident Response Sr. Manager reports to the Incident Response Director in delivering incident response duties and initiatives.

This role performs sophisticated computer and network forensic investigations that pertain to different types of cyber threats, including malware, data theft, denial of service, and data breaches. They collaborate with the SOC to quickly evaluate, resolve, or escalate incidents for appropriate action. Additionally, the incumbent works together with IT and other teams to pinpoint the underlying issues and create effective corrective and preventive measures. To enhance the organization's security posture and incident response capabilities, the employee collaborates with peers in threat assessment and provides recommendations to the Incident Response Director.

Demonstrates proficiency in:

• The use of host and network forensic methods and tools
• Information security, networking, and client/server architectures
• The current and emerging landscape of cyber threats
• The application of threat intelligence in incident response and forensic investigations
• Malware analysis and comprehension of attack methodologies
• Navigating and querying enterprise logging solutions to extract and manipulate data
• Analyzing network, host, and user activity data to detect irregularities.

• Some travel may be required.

Core Responsibilities

• Function as an incident response handler, directing IT and other departments during security incidents, including evidence preservation, corrective action, and preventive actions
• Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.  Assist in identifying and remediating gaps as identified throughout the investigation.  Maintain technical knowledge within areas of expertise via formal training and self-education
• Analyze malware, reverse engineer code when necessary to understand the impact of the malware, and root causes of the malware related incident
• Design, document, and implement incident response processes, procedures, guidelines, and solutions.  Responsible for technical and executive level reports on incident response issues.

Job Requirements

Knowledge of:  

• Hacker techniques, tools, and motivations
• Operating systems (Windows, OS X, Linux and UNIX)
• Multilayer security architectures and controls
• Application architecture (mainframes, databases, web, middleware, virtual)
• Network architecture (firewalls, routers, switches and load balancers)
• Security technologies (IDS/IPS, advanced endpoint protection, AV)

Skill in:

• Analyzing file system images, memory images and network packet captures
• Using commercial and open source security testing tools
• Problem solving with missing information while under pressure with short deadlines
• Dynamic malware analysis and indicator extraction
• Indicator pivoting, tracking and analysis
• Ability to prioritize multiple tasks rapidly, formulate a plan, respond quickly and communicate with customers and leadership

Desired skills but not required:

• Programming in two or more of the following: C, Java, .NET, SQL, Python
• Shell scripting in two or more of the following: Perl, Bash, PHP, WMI, SED
• Reviewing application source code for security vulnerabilities
• Using debuggers and/or de-compilers
• Reverse engineering complex code, using tools such as IDA Pro, OllyDBG and other similar tools
• Speak languages other than English (Japanese, Chinese, etc)

Ability to:

• Take on new responsibilities and influence others as needed to deliver consistent results
• Strong verbal communications skills and concise written communication skills
• Strong organizational and multi-tasking skills
• Pick up new skills through self-learning and on the job training
• Innovate and stay current on security technologies

Experience

• 7 years of security experience
• 2-3 years of forensic experience
• 3-5 years of malware analysis
• 5-7 years of hands on incident response
• 3-5 years of SIEM experience
• 5-7 years of cyber threat tracking
• 1-2 years of exploit / hack tool research and/or development
• 1-2 years of experience with IDS/IPS/Full Packet capture devices

Certification/Licenses

Requested

• Incident and Forensic Security certification (SANS)

Desirable

• Information Security certification
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Security Auditor), or equivalent

Vendor certifications/training (e.g. Axiom, Crowdstrike, etc.)

Ethical hacking certifications

• Offensive Security OSCP (Certified Professional),
• EC-Council CEH (Certified Ethical Hacker), or equivalent

The anticipated base salary for this position is $128,100 to $171,300. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.
*Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.