Incident Manager - Mexico City Metropolitan Area - Publicis Re:Sources

Descripción

Incident Manager (Forensics) Senior Associate

Overview

The Senior Associate, Information Security - Forensics is part of a global team and is responsible for incident response of cyber security incidents that are associated with our businesses, clients, and vendors; is technically skilled and ensures incident containment, remediation, and closure. This individual will be expected to work closely with the legal, data privacy, business, and client teams. They should be comfortable with interacting with senior executives, including C-level staff.

Responsibilities:

Incident Leadership

• Serve as the Incident Commander, leading the full lifecycle of cybersecurity incident investigations and response efforts.
• Coordinate cross-functional communication during high-severity incidents, ensuring rapid containment and clarity across teams.
• Present concise, accurate written and oral reports to executive and operational leadership.

Forensic Analysis & Investigation

• Analyze compromised or potentially compromised systems using advanced forensic tools and methodologies.
• Conduct complex forensic investigations into system breaches, data leaks, and architectural weaknesses.
• Coordinate evidence and data collection to ensure thorough and reliable incident documentation.

Reporting & Documentation

• Prepare detailed security incident reports that transform technical findings into actionable insights for decision-makers.
• Document investigation steps, timelines, technical observations, and remediation impacts with precision and clarity.

Threat Intelligence & Continuous Learning

• Maintain current knowledge of attacker TTPs, advanced persistent threats, emerging tools, and incident response best practices.
• Apply threat intelligence insights to strengthen investigative techniques and enhance incident detection capabilities.

Technical Guidance & Support

• Provide expert technical guidance to teams on incident monitoring, triage, response workflows, threat and vulnerability management, and security analysis.
• Mentor team members and support growth in incident response competencies across the organization.

Process Optimization & Strategic Direction

• Identify and drive opportunities to improve incident management efficiency and response workflows at scale.
• Champion the integration of automation and AI-driven tools to accelerate detection, triage, and resolution.
• Contribute to the long-term strategic direction of the company's cybersecurity and incident response programs.

Qualifications:

• EDR Experience- CrowdStrike and/or SentinelOne with experience investigating and analyzing malware and other malicious activity.
• Experience with forensics tools such as FTK, EnCase, Autopsy to collect and analyze file system artifacts, process history, application artifacts, memory collection and analysis for physical and cloud systems (Windows, Mac, Linux).
• 4 or more years of experience in an analytical role of either forensics analyst (Linux, Windows, or MacOS), threat analyst, incident response, SOC analyst, or security engineer/ consultant.
• Experience with cloud environments such as: Azure, AWS, GCP – knowing how to collect and analyze logs from Guard Duty/ Defender and CloudTrail, etc.
• Familiarity with the MITRE ATT&CK or related frameworks.
• Experience developing and managing incident response programs with focus on efficiency through AI development.
• Strong communication skills with confidence leading Incident Response calls with different stakeholders; followed by producing detailed incident reports.
• Proficient insocial engineering, phishing, and related fraud schemes.
• Strong general knowledge of security concepts and expertise in network and web application security issue s.
• Experience with a scripting language such as Python, Bash, PowerShell, or other scripting language in an incident handling environment.