Incident Response Specialist - Security Team - EA
10 days ago
Protecting our players and our employees from hacks and attacks is the core focus of the EA Security team – and we love what we do. You have a chance to work in an innovative entertainment company whilst also driving critical security initiatives for players and employees worldwide. You will utilize your outstanding cybersecurity, organization, and communications skills in delivering results through collaboration with the EA Security team, IT (Information Technology) and Digital Platform teams, and Game Studios.
Incident Response Specialist/ Monitoring and Response Project Specialist at EA
You will make EA a secure place to work and build amazing games! You will report directly to the Head of The Global Security Incident Response and be involved in the planning, delivery, and hands-on implementation of key projects to improve the monitoring and response capability across EA.
The mission of this role will be to help define and implement improvements to EA’s monitoring and response capability across the company. This includes on-premise infrastructure, cloud environments (AWS (Amazon Web Services), GCP and Azure), and Online Linux-based environments where player/player infrastructure exists. You will have strong incident response and hunting experience in cloud and on-prem environments, and be familiar with using EDR (Endpoint Detection & Response), SIEM (Security Information and Event Management), and other security analytics tools.
Your work will be aligned to the MITRE ATT&CK framework and you will work closely with your customers in the Incident Response Operations, Threat Intelligence Unit (TIU), and Security Operations Centre. The role is expected to work across teams including other EA Security teams and stakeholders across EA’s Enterprise IT and Online IT teams, and Game Studios (FIFA, Codemasters, DICE, Respawn, Bioware, Maxis etc.) to deliver security monitoring and incident response capabilities.
- Define required monitoring solutions: Assess on-prem or cloud environments to determine the most effective approach for monitoring and response of these environments. This should factor in existing tools/data sources, overall cost of approach, signal-to-noise of alerts and the MITRE ATT&CK techniques in scope. After consulting with partners and stakeholders you should be prepared to socialise the approach with leaders to get buy-in.
- Capability Trials: Perform proof of concept (PoC) trials with new monitoring platforms/tools as necessary – this is end-to-end from initial vendor meetings, through to partnering with TIU to perform necessary tuning/correlation to achieve higher signal/lower noise.
- Implement Required Monitoring Solutions: Partner with the Engineering team to productionise the capabilities and data sources required for the selected environments. Once the required tooling is in place, work with TIU to perform necessary tuning to ensure high fidelity monitoring. Partner closely with the SOC to ensure smooth handover for 24/7 monitoring.
- Manage EA Security stakeholder relationships: Internally with IR Ops, TIU and other EA security teams such as BSOC, Enterprise Security, Application Security, Fraud and Governance Risk and Compliance. Support manager with ensuring strong relationships with external teams such as EAIT, Game Studios and Online.
- Incident Response support during major security incidents.
- Detections authoring as per direction of TIU to ensure that monitoring solutions are able to detect against the required MITRE ATT&CK techniques.
Skills, Knowledge, and Abilities
- Strong incident response or SOC experience is mandatory. This must include demonstrable hosted cloud-based IR experience.
- Proven hands-on experience using a range of security forensics and hunting tools including EDR and SIEM.
- Strong technical familiarity with cloud environments including AWS, GCP and Azure.
- Experience creating detections to spot attack techniques is highly desirable.
- The ability to quickly learn, understand and apply new security tools and skills to perform duties.
- Strong organisational skills.
- Good relationship builder and good negotiator - stakeholder management.
- Good under pressure.
- Detail orientated.
- You must be willing to travel to other EA locations, as necessary.
- Excellent overall communications, presentation, facilitation, and diplomacy skills.
- Demonstrable ability to work effectively in a fast-paced, high volume, deadline-driven environment.
- The ability to balance multiple demands and work both independently and as part of a team.