
Security Engineer II / Incident Handler

First Data Jersey City, NJ

Job Description



As a member of First Data's Cyber Security Incident Response Team (CSIRT), the Incident Handler will coordinate the response activities for cyber security incidents across the global company environment. The successful candidate will focus on reviewing, triaging, analyzing, and remediating cyber security incidents. The Incident Handler is the escalation point for level one event analysts and, as such, will handle validated cyber security incidents in accordance with the cyber security incident response process. The successful candidate will perform log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and be responsible for the rapid handling and mitigation of cyber security incidents.


The candidate will join a team of event analysts and incident responders, and will have an opportunity to participate in a number of global cyber security initiatives. Successful candidates should be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues.

This position requires that the candidate be a lawful permanent resident or US citizen. The candidate should be able to travel domestically and/or internationally in support of the investigative response mission.

Responsibilities include:

  • Understand CSIRT functions and participate in the analysis, containment, and eradication of cyber security events and incidents.
  • Handle cyber security incidents in accordance with the incident response process.
  • Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention system, endpoint security, application, and system logs, to identify possible threats to network security.
  • Perform remote and onsite live response activities.
  • Analyze malware and/or other suspicious files/email messages.
  • Analyze volatile system data.
  • Collaborate with level one event handlers to improve prevention and detection methods.
  • Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function.
  • Maintain proper documentation and create reports.

Qualifications include:

  • 3-6 years' experience working in incident response and/or other IT-related fields tied to networking and enterprise information system environments.
  • Bachelor's degree in a technology field preferred.
  • Interest in the cyber security field, including a specific focus on the following domains: enterprise security defense, network and application penetration testing, vulnerability testing, and incident response.
  • Knowledge of network protocols, enterprise architecture, and common network logging functions.
  • Experience with log analysis, malware analysis, and forensic analysis.
  • Hands-on experience with security tools such as EnCase, Splunk, network forensic and capture tools, Carbon Black, and Tanium.
  • Strong written and verbal communications skills.
  • Ability to prioritize assignments and efforts in a complex work environment.
  • Direct working knowledge of enterprise incident management systems, such as RSA Archer and Resilient Systems.
  • Industry certifications such as CEH, CISA, and Security+ are desirable.
  • Experience working as part of a SOC or CSIRT team is desirable.
  • Scripting and programming skills are desirable.


Job Details

Date Posted August 31, 2017
Date Closes October 4, 2017
Requisition 170000B8
Located In Jersey City, NJ