This website uses cookies to ensure you get the best experience. Learn more

InfoSec Incident Responder

Discovery is a global leader in the media sector, serving passionate fans around the world with content that inspires, informs and entertains. Discovery delivers over 8,000 hours of original programming each year across deeply loved content genres.

The world is changing all around us. To continue to grow as a business over the next years we must look ahead, understand the changing trends and be prepared for that what's to come. We must get ready for tomorrow today. Join us to be part of the adventure. Discovery inspires people to be the best they can.

Currently in Poland we are looking for passionate people with various backgrounds to join our team in the fields of FP&A Centre of Excellence, Global Business Services, HR Services and Media Business.

The Role

As an InfoSec Security Incident Responder, you will be an elite member of the global Discovery InfoSec Cybersecurity Incident Response Team. You will be leading the incident response investigations for Discovery's internal customers, setting the world-class standards for professionalism, seniority, leadership, ownership and oversight.

You will work closely with fellow colleagues: InfoSec Incident Responders, Threat Intelligence and Threat Detection Experts, Security Threat Analysts and SOAR, SIEM, NDR and EDR Security Engineering leaders to take the visibility, protection and response capabilities continuously to the next level.

You will have a tactical ownership of our global Managed Detection and Response SOC Provider, steering their efforts in the most desired direction, to enhance our abilities to respond to modern cybersecurity threats.

You will report directly to the Senior Director, Cybersecurity Incident Response within the Discovery InfoSec organization.


We have all the exciting ingredients and challenges that a global Company can offer in the modern Security Incident Response domain, across the threat landscape, technology, operations and intelligence. You will have a significant level of autonomy and ownership of the Incident Response in the Company.

Your main responsibilities will be:

• Lead, steer and oversee the technical response to advanced cyber security incidents, when triaged, investigated and escalated by the global SOC
• Act as highest level of technical escalation for security incidents identified by Managed SOC Provider Analysts and Incident Responders
• Establish priority and urgency on a wide spectrum of potential incidents and advise the appropriate response
• Conduct investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IoCs)
• Lead the Intelligence-Driven Hypothesis-Based Threat Hunting initiative and cultivate the hunt lifecycle across our massive global IT estate
• Advise on the development of SOC runbooks and procedures through constant feedback and advising on the iterative improvement
• Advise on the automation and orchestration playbooks and, working closely with our InfoSec SOAR and ITSM Engineering
• Advise on the security data collection and analytics, working closely with our InfoSec Platform Engineering and Architecture, SIEM, NDR and EDR included
• Advise on Threat Detection and Threat Intelligence strategy to ensure a comprehensive and relevant coverage across the MITRE ATT&CK Matrix and potential threat actors targeting the Company
• Collaborate and advise the Business Owners to contain and resolve security incidents within broad IT domains across the Company
• Advise on the security posture improvements within the post-incident activities to take our cyber resiliency to the next level
• Maintain incident reporting and communication strategy with senior InfoSec and Company Business Leadership

Preferred Qualifications

We are looking for a "full package" seasoned Security Incident Response professional, with a demonstrated track record in the industry. Thus, we expect you to have a broad experience in analyzing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of cybersecurity incidents.

We expect intimate familiarity with the craft of collecting and analyzing security incident related data to identify indicators of attack and compromise.

An ideal Candidate would have a passion for learning new technologies, collaborating with other experts to find solutions, and have a calm and positive attitude with a sense of humor in the neverending battle against the evolving threats.

• 4-6 years of experience with increasing responsibilities within a Security Operations Center / CERT / CIRT / CSIRT / MDR environments
• Comfortable familiarity with all aspects of the modern Incident Response lifecycle
• Good understanding of the threats faced by direct to consumer and digital platform organizations
• Hands-on technical experience with application security topics such as the OWASP top 10
• Hands-on technical experience with SIEM & logging tools (Splunk, Kibana, Qradar) and the ability to extract actionable intelligence from large volume aggregated log storage
• Hands-on technical experience with SOAR Platforms and the concepts of runbooks and automation
• Knowledge and appreciation of MITRE ATT&CK Matrix and its practical applications
• Solid knowledge of TCP/IP networking and protocols.
• Hands-on technical experience with public cloud infrastructure and concepts, specifically cloud-native security tools
• Working knowledge of network and content security systems such NGFW, Proxy, Email Security, Routing and Switching
• Familiarity with Identity Access Management and SSO brokers
• Hands on technical experience with open source and commercial proprietary threat intel tools for intelligence gathering
• SANS GIAC Incident Response certifications (GSEC, GCIH, GCIA, GCFA, GREM) are a substantial plus
• Other high-end cybersecurity and IT certifications are a plus
• Solid time management and organizational skills
• Solid communication and presentation skills

Apply Now

Share this