Director of Security Operations and Incident Response
Posted on Apr 26, 2022 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*
Prestigious Fortune 500 Company is currently seeking a Director of Security Operations and Incident Response. Candidate will lead and manage the people, process, and technologies present in a 24x7 global security operations center.
Collaborate with stakeholders such as Disaster Recovery and Business Continuity to support security larger initiatives, assessments, and resilience testing.
Develop and direct the Enterprise Incident Response Program ensuring continuous maturity.
Define and maintain dashboards and metrics that support Incident Response Program and Cyber Security Operation Center maturity efforts.
Provide cyber security briefings, status updates, and consultancy to various audiences, including technical and executive leadership teams.
Leverage the incident response program to conduct cyber table-top simulations and educational sessions with stakeholders
Provide leadership for incident response investigations, coordinate response activity, and brief senior leaders while maintaining the confidentiality
Develop and mentor staff through open communication, training and development opportunities, and performance management processes; build and maintain a high-performing team through employee morale and motivation.
5 to 7 years.of People Management Experience
10+ years of Experience working in Enterprise Security
Crisis management skills and the ability to manage relationships and communication channels.
Advanced critical thinking and decision-making ability, able to explain and defend a complex decision point.
Demonstrated ability to communicate complex subjects regarding strategic and tactical incident response processes to stakeholders of varying technical levels.
In-depth experience leading security incident response processes in the cloud, virtualized, and on-prem environments.
Thought leader in security engineering and operations delivery driving visibility, automation, analytics, and advanced threat analysis.
Extensive and direct experience in high-pressure situations managing and responding to complex technical cyber security incidents.
Proven skills in various elements of incident response, including but not limited to computer intrusion investigations and digital forensics in enterprise environments.
Understanding current and emerging threats and associated countermeasures by establishing solid relationships with cyber threat teams and vendors. This includes directing a team on managing, maintaining, and increasing visibility into the organization and applying threat intelligence to proactively mitigate risk.
Security Operations role or cyber incident response role conducting in depth investigations using internal telemetry data and open-source information to determine whether a given system or user has been compromised is required
Working with traditional security tools, not limited to, SIEM, AV, EDR, SOAR, IDS/IPS, DLP, etc.
IT work experience required with a broad exposure to infrastructure/network and multi-platform environments is required
Hands-on working experience of most common operating systems including but not limited to Windows Server, Windows 10, UNIX/Linux, Apple OX, Android, iOS environments are required
Hands-on working knowledge and experience with Splunk is required
Splunk certifications are a plus
Cloud Platform technologies (AWS, Google Cloud Platform, Azure, O365) is required
Experience with integration between Incident Management Systems (SOAR) and SIEM in an enterprise environment is a plus
Experience with the forensic and incident response process, reverse engineering malware and red teaming is a plus
Experience of standard business processes including change management, problem management, work prioritization, quality assurance, and continuous improvement best practices, etc. is a plus
Security certifications (SANS, ISC2, SEI, CFE) are a plus
Experience with audit support and response, regulatory compliance SOX and PCI-DSS is a plus