Cyber Incident Handler

Cyber Incident Handler - Santander Digital Services

Country: Spain

**WHAT YOU WILL BE DOING**

**SANTANDER DIGITAL SERVICES is looking for a Cyber Incident Handler based in our Boadilla del Monte office.**

**WHY YOU SHOULD CONSIDER THIS OPPORTUNITY**

**Santander Digital Services (SDS) **is the team of technology and operations at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business and that out work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 7,000 people in 8 countries (Spain, Portugal, Poland, UK, USA, Mexico, Chile and Brazil) develops and/or implements financial solutions across a broad spectrum of technologies (including Blockchain, Big Data and Angular among others) on all kinds of on-premise and cloud-based platforms.

Santander is proud of being an organization where there are equal opportunities regardless of gender identity, culture and disability. Our mission is to contribute to help more people and business prosper. We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

**WHAT YOU WILL BE DOING
As a **Cyber Incident Handler **, you will be responsible for providing expertise to analyse, manage and investigate cyber incidents.

We need someone like you to help us in different fronts:

- Handle and respond to cyber security incidents to ensure comprehensive and cohesive world class response: First triage activities, Analyze incidents and determine their impacts, Notification and Escalation of incidents according to its impacts, - Participate in the containment, eradication, and recovery of major incidents, Document and keep track of every activity related with the incident response process.
- Manage complex cyber security incidents globally across the group. Become part of a world class capability that will own, respond and coordinate significant incidents ensuring successful resolution and adopting lessons learnt to increase the cyber resilience of Santander.
- Orchestrate the necessary human and technical resources for the resolution of high impact cyber incidents.
- Design and supervise an organized approach to address and manage the aftermath of a security breach or cyberattack in order to limit damage on internal systems, data, and networks and reduce recovery time and costs.
- Drive continuous improvement in Santander´s cyber response capability through your involvement in the cyber readiness programme across the Global Cyber Respond Team.
- Review and coordinate projects related with the development and improvement of Incident Response plans, policies, and procedures ensuring a consistent, professional and disciplined approach.
- Participate in the cyber exercises programme to develop capabilities globally:

- Design and execute focused development plans for entities and internal teams, addressing gaps in capability through innovative training solutions and cyber exercises, such as:

- Live simulation / table top to test processes, such as critical business and technical playbooks. Technical simulations, such as Cyber Ranges
- Skills labs on the use of cyber incident orchestration tools and threat intelligence platforms.
- Preparation and final QA of incident reports and minutes oriented to senior management audience.
- Contribute to the establishment of a strong and collaborative Global Community between Cyber Threat Units.

EXPERIENCE
- 1+ year of experience working as Cyber Incident Handler with a broad understanding of information security and previous experience as part of a CIRT, CSIRT or similar incident response team.

EDUCATION
- Degree such in computer science, engineering or similar

SKILLS & KNOWLEDGE
- Knowledge of Incident Response and Handling methodologies - Experienced level.
- Knowledge of cyber incident categories, incident response, and timelines for responses.
- Knowledge of cyber defense and information security procedures and regulations.
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- High level of English.

**Recommended**
- Desired one or more of the following certifications (CISSP, CISA, CISM, CEH, OSCP, GCIH).
- Experience in the financial/banking industry.

**OTHER INFORMATION**

Be available to participate in the incident response procedure in 24x7 basis, 8/hour shifts, and On-Call scheme.