Specialist, Incident Response

ADNOC - Distribution

Abu Dhabi, UAE

Ref: GP403-1902

Job description / Role

Employment: Full Time

Job Purpose

Investigate, analyze, and respond to cybersecurity incidents. Investigate security incidents that may negatively impact ADNOC (Abu Dhabi National Oil Company), including hacking attempts, intrusions, virus infections, mishandling of information, and other security threats. Provide support during large incidents and investigations, and participate in threat hunting activities.

Define, develop, maintain, and regularly test incident response processes and procedures.

Define and create use cases and scenarios to address new threats and improve security monitoring and alerting capabilities.

Key Accountabilities

  • Coordinate and provide expert technical support to enterprise-wide cybersecurity technicians to resolve cyber defense incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
  • Perform cybersecurity incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation or remediation on enterprise systems.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Track and document cybersecurity incidents from initial detection through final resolution.
  • Perform real-time cybersecurity incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Write and publish cybersecurity techniques, guidance, and reports on incident findings to appropriate constituencies.
  • Employ approved defense-in-depth principles and practices.
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cybersecurity incidents within the enterprise.
  • Write and publish 'after action' reviews.
  • Monitor external data sources to maintain a current understanding of cybersecurity threats and determine which security issues may have an impact on the organization.
  • Coordinate incident response functions.
  • Provide expert technical support to resolve cyber defense incidents.
  • Coordinate with threat intelligence analysts to correlate threat assessment data.
  • Report cyber incidents to inform cyber defense.
  • Identify and select the most effective sources of information to assist with incident investigation.

Relationship Management

Develop and maintain effective business relationships with all relevant internal functions, departments, and external entities such as shareholders, key government authorities, service providers, vendors, and other key stakeholders with the highest standards of business ethics, whilst promptly attending to all critical issues to ensure the services required by the organization are delivered in the most effective manner.

Vendor Management

  • Provide technical expertise and guidance to conduct market analysis for new technological developments and the adaptability of relevant developments on data protection within the organization, in order to ensure that technology at ADNOC stays current.
  • Lead the provision of technical expertise in developing RFPs and RFQs relevant to enterprise architecture; guide and advise the preparation of tendering and contractual documentation to ensure cost-effective and quality services are obtained for ADNOC.
  • Guide and participate in the negotiation of contractual terms and Service Level Agreements (SLA) ensuring protection of ADNOC's interests and receipt of optimum level of services to facilitate IT operations.

Supervision

  • Plan, supervise, and coordinate all activities in the assigned area to meet functional objectives.
  • Train and develop the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective business objectives.

Budgets

  • Provide input for preparation of the function, division, department, or section budgets, and assist in the implementation of the approved budget and work plans to deliver business objectives.
  • Investigate and highlight any significant variances to support effective performance and cost control.

Policies, Systems, Processes & Procedures

Implement approved function, division, department, or section policies, processes, systems, standards, and procedures in order to support execution of the work programs in line with company and international standards.

Performance Management

Contribute to the achievement of the approved performance objectives for the function, division, department, or section in line with the company performance framework.

Innovation and Continuous Improvement

  • Design and implement new tools and techniques to improve the quality and efficiency of operational processes.
  • Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with best industry standards in order to define intelligent solutions for issues confronting the function.

Health, Safety, Environment (HSE) and Sustainability

Comply with relevant HSE policies, procedures, controls, applicable legislation, and sustainability guidelines in line with international standards, best practices, and ADNOC Code of Practices.

Reports

Provide inputs to prepare MIS and progress reports for company management.

Communications & Working Relationships

Internal
  • Frequent contact with senior management of all directorates on key issues relating to enterprise architecture and adoption of state-of-the-art technology in line with ADNOC's vision.
  • Regular contact with counterparts in ADNOC group companies on intra-group coordination on enterprise architecture related issues.
External
  • Frequent contact with contractors, consultants, and suppliers at managerial level on matters relating to the acquisition of IT services for enterprise architecture.
  • Technical meetings for enterprise architecture aspects with contractors and all other teams across ADNOC and other stakeholders.
  • Occasional contacts with senior management of international oil companies for exchange of information, benchmarking, study visits, and training programs.
  • Regular contacts with international IT service providers and telecommunication providers on matters related to IT services and strategic directions.

Qualifications, Experience, Knowledge & Skills

Minimum Qualification
  • Bachelor's degree in Information Technology, Computer Science, Information Security, or equivalent.
Minimum Experience & Knowledge & Skills
  • 9 years of experience in information security or related technology experience.
Professional Certifications - Preferred
  • CEH (Certified Ethical Hacker)
  • GIAC Certified Intrusion Analyst
  • GIAC Certified Incident Handler
  • GIAC Certified Forensics Analyst
  • Certified Computer Forensics Examiner
  • Certified Reverse Engineering Analyst
  • CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Security+

Technical Competencies

As per approved competency dictionary.

About the Company

We are one of the world's leading energy producers, and a primary catalyst for Abu Dhabi’s growth and diversification.

We operate across the entire hydrocarbon value chain, through a network of fully integrated businesses, with interests that range from exploration, production, storage, refining and distribution, to the development of a wide range of petrochemical products.

Since 1971, we have created thousands of jobs, driven the growth of a diverse knowledge-based economy, and played a key role in Abu Dhabi’s global emergence.

Today, we continue to look for new and innovative ways to maximize the value of our resources, pioneering those approaches and technologies that will ensure we are able to meet the demands of an ever-changing energy market, and continue to have a positive impact on the Abu Dhabi economy for generations to come.
