hackajob is partnering with CGI to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
As the Incident Response Lead you will be part of the CGI Global Security Operations Center (GSOC) team which provides security monitoring, detection and response services in CGI.
You can lead and conduct highly technical incident response engagements, set the incident response plan, and work with and lead colleagues where required in the correct application of incident response processes within CGI.
In addition, you will be a highly effective communicator, able to communicate at all levels within the business. This role requires a thorough understanding of cyber security and in-depth knowledge and experience around cyber incident response, threat actor techniques, tactics and procedures (TTPs), computer networking fundamentals, modern threats and vulnerabilities, and forensics methodologies and tools.
• Provide technical leadership and conduct incident response engagements to ensure timely response, investigation and remediation execution across cloud, on-premises and remote devices
• Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security
• Perform advanced digital forensics analysis, host-based or network analysis as required during an investigation
• Act as the senior subject matter expert where required during security incidents
• Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes)
• Work closely with other teams to provide mitigation recommendations and lessons learned to reduce the overall security risk within the organisation
• Perform basic reverse engineering on malware using dynamic and static analysis
• Be part of an on-call roster providing 24/7 incident response functions
• Act as a mentor to junior analysts in GSOC
Required qualifications to be successful in this role
You should have expertise and demonstrate experience in working in a similar cybersecurity role or associated discipline.
• Previous experience leading incident response engagements
• Strong understanding of Incident Response methodologies and tools
• Strong understanding of networking fundamentals
• Strong understanding of Windows/Linux/Unix operating systems
• Strong understanding of operating system and software vulnerabilities and exploitation techniques
• SIEM Experience (e.g. ArcSight, Splunk, Logpoint, ELK)
• EDR Experience (e.g. CrowdStrike Falcon, SentinelOne, Microsoft Defender, Cortex)
• Network analysis experience with NDR technologies
• Malware Analysis (Static Analysis or Dynamic Analysis of captured files, Reverse Engineering)
• Experience of utilizing threat intelligence sources
• User investigations, Behavioural Analysis technology and/or processes
• Experience with Insider Threat Investigations