24 Mar
Incident Detection Lead
Vacancy expired!
- Direct technical members in conducting event detection, incident triage, initial incident handling, and hunting activities by leveraging our detection/response platforms
- Continuously monitor the service levels of the Incident Detection (ID) team
- Work with IR and CSIRT to develop and implement remediation plans in response to incidents
- Provide input into security architecture requirements, tool deployment and implementation related to security monitoring
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information
- Provide comprehensive briefings at various levels of operations and management regarding ongoing security monitoring activity and performance
- Ensure the proper and timely handling of all security events/incidents regarding all aspects of security for the facility
- Lead the operations team to provide a 24x7 incident detection and monitoring service, and report on performance on a regular basis
- Enhance and provide training to operations team members
- Integrate additional supported log sources/devices and develop new use cases as required
- Manage communication with our affiliates in case of a security incident
- Work with our affiliates to remediate non-compliance with monitoring requirements
- Assist affiliates and the group to improve cybersecurity maturity and strengthen cybersecurity posture
- 8+ years cyber security experience required
- 5+ years of experience in incident response handling and staff leadership.
- Must have a strong understanding of concepts and technology across all IT areas to be able to spot gaps and develop appropriate controls
- Demonstrated analytical, problem-solving, and critical thinking skills required
- Working knowledge of security technologies such as Active Directory, anti-malware tools, forensics tools, firewalls, identity access management, IDS / IPS, multi-factor authentication, network devices, SIEM, threat intelligence, vulnerability scanners, monitoring tools, and web filters on premise and in cloud environments required
- Ability to work with little supervision and consistently deliver results required
- Familiarity with network technologies and protocols (switches, routers, firewalls, VPNs, remote connection technologies, and multiple domain environments) strongly preferred
- Experience with Splunk and other SIEM platforms, Enterprise Intrusion Prevention Systems, Endpoint Detection tools, and other security products
- Experience conducting incident handling and response efforts in large enterprise environments
- Experience supporting incident investigations
- Experience working in a 24/7 SOC environment
- Security certifications (e.g. Security+, Network+, CEH, SANS etc.)