DFIR incident handler/manager

Cognizant Corporate Security is looking for a DFIR (Digital Forensics and Incident Response) Incident Handler Analyst to work on the ‘front lines’ for its Corporate and Healthcare services line of business. We are looking for a passionate, experienced incident response professional to serve as a key player in our incident response process and work with our global incident response team to track and manage information security events and incidents.

About Cognizant

Cognizant (Nasdaq-100:CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 194 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.

About the Team / Business Unit

Corporate Security at Cognizant is an enterprise-wide oversight body responsible for the overall security posture of the organization’s physical (tangible) and data (intangible) assets. The group is responsible for aligning enterprise-wide security requirements with business goals through strategic governance and continuous assurance processes. The governance process encompasses the development and implementation of policies, standards, best practices and reference frameworks around Risk Management, Data Loss Prevention and data protection. The continuous assurance functions, such as security risk assessments and audits, security monitoring, and policy compliance activities, facilitate strict adherence to enterprise, client and global regulatory and security requirements.

About You:

You will work in the Global Cyber Operations team and will be responsible for the following actions:

  • Act as the incident response manager to track and manage security events and incidents effectively in accordance with our incident response plan
  • Assign appropriate resources for each event and provide support throughout the response process
  • Determine and identify severity and impact and assign appropriate priorities to all events and incidents
  • As a member of the core incident response team, coordinate with Privacy, Compliance Investigations, Corporate Security, and others as warranted
  • Serve as a centralized point of communication and provide appropriate briefings to executive staff and other stakeholders as needed
  • Assist with post-incident activities

Required & Nice-to-Have Skills:

Must Have:

  1. Experience managing high-impact, high-visibility incident response events and incidents of various types, including APTs, vulnerability exploitation, web application attacks, and possible data exfiltration
  2. Understanding of and experience with collecting, analyzing, and escalating security events
  3. 4+ years in Information Security
  4. 2+ years in DFIR
  5. Experience working in fast-paced 24x7 operational environments
  6. Able to communicate in a professional manner during high-stress situations
  7. Use project management skills in tracking and reporting on incident status and progress
  8. Understanding of common tools used in event analysis, incident response, computer forensics, and malware analysis
  9. Experience with EnCase and/or Magnet a plus
  10. Thorough understanding of cyber security operations, including alert monitoring and SIEM tools
  11. Understanding of standard network protocols
  12. Understanding of security controls for common devices, including Windows, IPS/IDS, proxy, EDR, firewalls, and email security
  13. Knowledge of the MITRE ATT&CK and cyber kill chain frameworks
  14. Relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GCFA
  15. Strong technical experience in three of the five areas below:
      • Host forensics (Windows / Mac / Linux)
      • Network traffic analysis
      • Log review
      • Malware triage
      • Cloud technologies, including AWS, Azure, and GCP

Nice to Have / Your chance to grow:

  • Experience with forensic tools
  • EnCE certification

If you’re comfortable with ambiguity, excited by change, and excel through autonomy, we’d love to hear from you!


Contact me:

Bernard Pire
Director, Global Cyber Operations
m. + 32 497 041585