Cyber Security/Incident Response Technical Lead
Posted on Aug 28, 2020 by Request Technology - Robyn Honquest
Cyber Security Technical Lead
Salary: $120k to $150k + $15k to $20k bonus
Cyber Security/Incident Response Technical Lead with 8+ years of information security SOC/incident response experience. You will be analysing IOCs/alerts and must have experience using a SIEM such as Splunk (preferred), ArcSight or QRadar, along with threat intel, incident response, digital forensics and end-user notifications, analysing various security events and incidents.
Responsible for managing security incidents identified from the enterprise SIEM tool, threat intelligence, end-user notifications, etc., to determine security risk and respond accordingly
Coordinate response, triage and escalation of security events affecting the company's information assets and activities within the Incident Response team
Responsible for understanding the threat landscape by working with other Cyber functions such as Threat Detection, Threat Intelligence, Digital Forensics, etc., and for building and executing the required action plan
Support development of SOPs, Resiliency plans, and other necessary documentation to support Security Operations
Routinely participate in the review of new SIEM use cases; develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
Augment the Incident Response team to ensure 24/7 coverage and operations. Responsibilities will sometimes require working evenings and weekends, sometimes with little or no advance notice
8+ years of Information Security or related risk management experience
Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience
3-5+ years of hands-on information security SOC/incident response experience analysing IOCs/alerts identified by SOC and Threat Intel teams
Demonstrated experience in handling security events in mission-critical environments; hands-on troubleshooting, analysis and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations, etc.
Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
Demonstrated experience using a SIEM such as Splunk (preferred), ArcSight, QRadar, etc. to investigate security issues and/or complex operational issues on Windows and Unix
Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
Skills and Certifications
Enterprise detection technologies and processes