Lead Cyber Security Incident Response/SOC

Posted on Sep 4, 2020 by Request Technology - Craig Johnson

Herndon, VA 20170
Immediate Start
$125k - $150k Annual

*Position is bonus eligible*

A prestigious enterprise company is currently seeking a Cyber Security Technical Lead for SOC and Incident Response. The candidate will lead and assist in responding to security incidents in a mission-critical production environment, such as investigating and remediating possible endpoint malware infections and mitigating threats such as unauthorized use, spam and phishing. The candidate will own the development and delivery of our technical solutions related to security incident response, including building processes, procedures and methodology, as well as new response mechanisms. In addition, the candidate will be responsible for developing processes and procedures to analyze security events and incidents consistently.


Incident Response:

  • Responsible for managing security incidents identified from the enterprise SIEM tool, threat intelligence, end-user notifications, etc., to determine the security risk and respond accordingly
  • Coordinate response, triage and escalation of security events affecting the company's information assets and activities within the Incident Response team
  • Responsible for understanding the threat landscape by working with other Cyber functions such as Threat Detection, Threat Intelligence, Digital Forensics, etc., and for building and executing the required action plan
  • Support development of SOPs, resiliency plans and other documentation needed to support Security Operations
  • Routinely participate in the review of new SIEM use cases; develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
  • Augment the Incident Response team to ensure 24/7 coverage and operations. Responsibilities will sometimes require working evenings and weekends, occasionally with little or no advance notice


  • Act as a role model and provide tactical support to your peers and other security analyst teammates who deliver Cybersecurity's scaled threat response and assessment efforts, including mentoring and training team members with less experience and knowledge
  • Prioritize work without management direction and provide clear, documented status updates to management and the team
  • Lead development of Security Operations playbooks to ensure threat detection, monitoring, response and forensics activities align with best practices
  • Lead technical activities, plan and track delivery deadlines, and oversee tactical delivery of improvements to Cybersecurity's Incident Response processes
  • Assist in day-to-day operations of the Cyber Security Incident Response team to ensure security threats and events are handled efficiently
  • Provide thought leadership and guidance on intelligence and analytics research to build capabilities for automated, proactive detection of and response to threats

Other Duties:

  • Routinely brief and update senior leadership and other stakeholders on active incidents and manage expectations
  • Build and leverage effective relationships across Information Security with functions such as Threat Intel, Forensics, Threat Detection and Vulnerability Management, as well as with external teams in the various lines of business, ensuring clear lines of communication and a comprehensive approach to security
  • Present to different audiences (business, technical and management), adjusting the material accordingly, in either structured or ad-hoc presentations

Qualifications:

  • 8+ years of Information Security or related risk management experience
  • Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience
  • 3-5+ years of hands-on Information Security SOC/Incident Response experience analyzing IOCs and alerts identified by SOC and Threat Intel teams
  • Demonstrated experience handling security events in mission-critical environments, with the hands-on troubleshooting, analysis and technical expertise to resolve incidents and service requests; previous experience troubleshooting day-to-day operational processes such as security monitoring, data correlation and security operations
  • Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
  • Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
  • Demonstrated experience with utilizing SIEM such as Splunk (preferred), ArcSight, QRadar, etc. in investigating security issues and/or complex operational issues on Windows and Unix
  • Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
  • Risk Management
  • Information Security
  • Incident Response
  • SIEM tools
  • Enterprise detection technologies and processes

Reference: 942601730