Cyber Detect

**The Role**:
**Where you fit in?**

The purpose of the IRM Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.

The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data.

As part of the CyberDefence capability, the global Incident Response team focuses on responding to security incidents, performing detailed investigation and limiting Business impact as much as possible. The team responds to a wide variety of incidents ranging from malware infections to system compromises to Shell data exposures on the internet. Incidentcontainment is measured in hours which requires dealing with ambiguity, prioritizing, improvising and actively influencing stakeholders.

**What’s the role?**

As Cyber Detect and Response Advisor you are responsible for executing the Shell IRM Incident Management process:

- Operate and improve the Incident Response process.
- Perform technical and procedural investigations and execute response activities on IRM incidents or potential incidents.
- Provide triage, data acquisition and advice on incidents to rapidly diagnose problems and identify immediate treatment.
- Mature use of tools to support incident investigations, harvesting and analysis.
- Drive process improvements in incidents, forensics across all supplier teams.
- Manage stakeholders during incidents and report on incidents to our stakeholders.

Accountabilities:

- Execute the Shell IRM Incident Management process.
- Serve as an Incident manager working with IT and the business stakeholders to rapidly and effectively resolve information security incidents.
- Perform triaging, data acquisition and provide advice on incidents to rapidly diagnose problems and identify immediate treatment.
- Drive improvements in incidents across all supplier teams.
- Document incidents in the incident case management system.
- Deliver Incident investigations:

- Serve as an Incident manager working with a team of Incident Response staff to rapidly and effectively resolve information security incidents.
- Investigate and find root causes of incidents and document the lessons learned.
- Track and report status and drive rapid resolution of incidents and situations involving IRM controls.
- Liaise with authorities and support investigation and prosecutions where relevant.
- Follow-up on detections resulting from scanning activities searching for indicators of compromise.

Common Tool Support
- Maintain and support the toolset used for all cross-process IRM activities.
- Help develop and deploy new IRM tools in ITSO
- Support proof of concept deployments and document results

**What we need from you ?**
- Experience in Information Security areas such as Incident Response, penetration testing, Risk management, or strong IT Operational experience with a clear interest in IT security
- Is a knowledgeable, creative and responsible IT security professional that can deal with ambiguity.
- Has excellent analytical skills and appreciates a technical challenge.
- Has good written and verbal communication skills and provides well-informed advice.
- Influences stakeholders to prioritize providing support to incident response activities.
- Actively drives assignments to a contained state and closure within a short timeframe (hours / days).
- Demonstrates an understanding of the issues of interest to Shell and proposes viable solutions within the scope of own expertise, taking into account the needs of those affected.
- Maintains knowledge and experience of current practice within own area of expertise and is aware of current developments within own area of expertise.
- Develops and maintains knowledge of Cyber security and maintains an awareness of current developments.
- Promotes transfer of knowledge and awareness of information security to those in related areas.
- Is comfortable working in a virtual team.
- Demonstrable experience performing incident response and IT forensic investigations.
- Incident Management and IT forensics skills, with the ability to communicate effectively at all levels of the Organisation (IT and non-IT).
- Strong interpersonal skills, with the ability to network across (team and IT organisation) boundaries.
**Translated Company Description
- Pro-active and self-motivated, committed to achieving deadlines and results.
- Demonstrated evidence of Enterprise First values and behaviours.
- ** The Incident Analyst is part of an on-call procedure to enable 24/7 response capabilities. This includes regular standby during weekends (usually one weekend per month) and/or holidays.**

**COMPANY DESCRIPTION**

**An innovati