Cyber Security Technical Lead
Posted on Sep 4, 2020 by Request Technology
A Fortune 500 company is on the search for a Cyber Security Technical Lead. This role will revolve around SOC/incident response and analyzing IOCs/alerts. This person will need to use SIEM products such as Splunk (preferred), ArcSight, QRadar. This person is expected to have strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, and Endpoint Protection). The client wants someone with 8+ years of experience in a related role.
- Responsible for managing security incidents identified from enterprise SIEM tool, threat intelligence, end user notifications, etc. to determine security risk and responding accordingly
- Coordinate response, triage and escalation of security events affecting the company's information assets and activities within the Incident Response team
- Responsible for understanding the threat landscape by working with other Cyber functions such as Threat Detection, Threat Intelligence, Digital Forensics, etc., and for building & executing the required action plan
- Support development of SOPs, Resiliency plans, and other necessary documentation to support Security Operations
- Routinely participate in the review of new SIEM use cases, develop & update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
- Augment the Incident Response team to ensure 24/7 coverage and operations. Responsibilities will sometimes require working evenings and weekends, sometimes with little or no advance notice
- Act as a role model and provide tactical support to your peers and other security analyst teammates, who deliver Cybersecurity's scaled threat response, assessment, and response efforts, including mentoring & training other team members with less experience and knowledge
- Prioritize work without management direction and provide clear and documented status updates to the management and the team
- Lead development of Security Operations playbooks to ensure threat detection, monitoring, response & forensics activities align with best practices
- Lead technical activities, plan, and track delivery deadlines, and oversee tactical delivery of improvements to Cybersecurity's Incident Response processes
- Assist in day-to-day operations of Cyber Security Incident Response team to ensure Security threats and events are being handled efficiently
Communication and Collaboration
- Routinely brief and update senior leadership and other stakeholders on the active incidents and manage expectations.
- Build and leverage effective relationships across Information Security with functions such as Threat Intel, Forensics, Threat Detection and Vulnerability Management teams, as well as external teams in various lines of business, ensuring clear lines of communication and a comprehensive approach to security
- Present to different audiences (business, technical and management) and adjust accordingly, in either structured presentations or ad hoc
- 8+ years of Information Security or related risk management experience
- Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience
- 3-5+ years of hands-on Information Security SOC/Incident Response experience analyzing IOCs/alerts as identified by SOC & Threat Intel teams
- Demonstrated experience in handling security events in mission-critical environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations, etc.
- Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
- Demonstrated experience with utilizing SIEM such as Splunk (preferred), ArcSight, QRadar, etc. in investigating security issues and/or complex operational issues on Windows and Unix
- Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)