The skills we look for in Cyber Security Incident Response

Yaniv Menasherov
Published in ASOS Tech Blog · 4 min read · Feb 11, 2020

We see many headlines about the evolving cyber security threat that affects all types of companies. At ASOS we have a Cyber Security team that works across the whole of ASOS to help protect our customers, our employees and our brand. Cyber Security is structured into specialist areas; the Cyber Security Incident Response Team (CSIRT) have the challenging task of detecting, investigating and mitigating anything that looks like a serious cyber threat.

Photo by John Schnobrich on Unsplash

If you’re reading this blog, you might be aware that dedicated CSIRTs tend to be heavily involved in detecting and responding to attempts at Payment Card Information (PCI) or Personal Data (PD) theft, and in blocking and removing ransomware such as Gandcrab, which can prevent you from accessing your own data. Nowadays, there are even bots that will try to copy information from your website.

Fundamentally, CSIRT is about investigating serious issues in a calm, methodical, logical and error-free manner. It’s also about working as a member of an elite team alongside experts in infrastructure, data protection, operations and legal.

At ASOS we’re continuing to evolve and improve our cyber security capability and we’re always on the lookout for talented team players who can help us deal with the challenging and continually evolving cyber-attack landscape.

So, we thought we would try and explain here what it is we look for when recruiting for members of our CSIRT. The first thing to note is that CSIRT is one of the seven teams within Cyber Security and we operate best when we work collectively to secure our customers, employees and brand.

We tend to structure our CSIRT into Analysts and Senior Analysts. Analysts will focus on detecting and responding to cyber-security incidents as well as performing digital forensic analysis. This role requires someone who is looking to grow skills and experience. You will have the opportunity to work with, and learn from, our Senior Analysts as well as Seniors in our other Cyber Security teams.

Senior Analysts are the first to explore new attack vectors, following known threats and, often, unknown threats that are yet to be discovered. They act as the spear’s edge when it comes to detecting an attack and defining the right response to mitigate it. Mitigation is important, but attacks can mutate and recur, so our Seniors also define the critical prevention measures. In ASOS CSIRT we aim to make it extremely difficult for the cyber criminals.

CSIRT Analysts need to work as one, in a methodical way, to reduce time-to-detect (TTD), time-to-respond (TTR) and time-to-mitigation (TTM). Devoted teamwork and synergy will continually and consistently reduce all three.

When not responding to incidents, we work as a team to build in-house incident response capabilities, which may include refining our investigation techniques; ensuring mitigations and preventive measures are applied by the relevant teams within ASOS; developing cyber-response automation; improving our use of machine learning; authoring and adapting runbooks/playbooks; assessing our incident response maturity; and assisting in table-top cyber-scenario exercises.

As our ASOS Tech colleagues are leading the way on machine learning and are always looking for ways to optimise and improve our service, we have to ensure our Cyber Security team members have the opportunity to continually improve their skills. The Cyber department is equipped with the latest cyber security controls and toolset to detect and respond to intrusions. You’ll be exploring and working with technology few global CSIRTs have had the opportunity to engage with, such as the cloud-hosted Azure Sentinel SIEM, orchestrating responses using Logic Apps, and automating IR in Azure Kubernetes Service.

Above all, ASOS is looking for someone:

  • Who is passionate about being part of a team on a mission to defend business operations and prevent cyber-attacks.
  • Who wishes to run thorough investigations of external cyber threats throughout the incident response (IR) cycle to protect ASOS customers, employees and brand.
  • Who can cross correlate information from different security controls and collaborate with relevant teams and third parties to run analysis and reach accurate findings.
  • Who can conduct internal investigations of insider threats, looking into attempts at complex fraud or criminal activity in conjunction with the Physical Security and Fraud teams, whilst also collecting digital evidence suitable for prosecution in a court of law.

If this interests you, then your place is with ASOS CSIRT!

Behaviours are important — at ASOS we’re looking for an enthusiastic team player with some relevant experience and familiarity with security fundamentals and computer networks. We’re after someone with the hunger to learn, pursue digital evidence, question the obvious and prove the unobvious — being comfortable with the uncomfortable.

Requirements:
Digital Forensics and Incident Response GIAC certifications such as GCFE and GCFA are an advantage, as are Azure cloud security certifications, which help when dealing with incidents in the Azure environment. If you don’t already possess these certifications, we can help you to achieve them.

You can apply to our open vacancies on Workday by following the links below:

Cyber Security Incident Response Analyst
Cyber Senior Security Incident Response Analyst

You can apply to our open vacancies on LinkedIn by following the links below:

Cyber Security Incident Response Analyst
Cyber Senior Security Incident Response Analyst

Yaniv Menasherov is the Incident Response Manager at ASOS — being on the Blue side of Cyber Security and investigating digital crime scenes are his greatest passions.
