Incident Response Lead – IT – Cybersecurity Fusion Center

Company: Gilead Sciences
Location: San Mateo, CA, USA; Raleigh, NC, USA
Salary: $146200 – $219120
Type: Full-Time
Degrees:
Experience Level: Senior, Expert or higher

Requirements

  • Minimum 8+ years of IT experience with progressive responsibilities, and with at least 5 years of Cyber Security experience.
  • Security professional with a strong technical background in Cyber Security, Windows / Linux, Network Security, Security Operations Center (SOC), Cloud Security (AWS, Azure), MITRE ATT&CK or similar frameworks, Threat Analysis, IT Operations and Incident Response.
  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience.
  • Ability to create or review procedures for protection of systems and applications.
  • Knowledge of information security principles, concepts, practices, systems software, database software, and immediate access storage technology to carry out activities relating to security certification and accreditation.
  • Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.
  • Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach.
  • Experience with security tools and platforms including SIEM, IPS/IDS, Endpoint and Server protection, Network protection, Firewalls, etc.
  • Extensive experience in Cyber threat and vulnerability analysis and remediation.
  • Forensic examination and data preservation.
  • Significant experience doing internal and external penetration testing (red / blue / purple team experience).
  • Very strong security awareness and knowledge.
  • Strong understanding of key infrastructure systems (Active Directory, Windows/Linux, Databases, Cloud systems).
  • Ability to multitask and manage multiple topics and demands concurrently.
  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management.

Responsibilities

  • Extensive knowledge and experience in handling Cyber Security threats and Incident response activities including Detection, Triage, Investigation, Remediation and Recovery from security issues.
  • Extensive experience as Security Incident commander, leading security investigations while liaising with IT Operations, legal, and business teams through security incidents.
  • Extensive experience with designing, implementing, and optimizing a Security Incident Response process.
  • Extensive experience with designing and implementing SOC and IR technologies including SIEM, EDR, UEBA, among other capabilities.
  • Monitor security events to detect threats and analyze situations in context to detect advanced threats.
  • Develop Security Operations Center detection tools, rules and intelligence to improve detection & investigation efficiency of the Center.
  • Assess new technologies, test them in a lab environment and propose them for SOC improvement.
  • Operate Security Operations Center devices to ensure high availability and security.
  • Maintain and operate SOC network, systems, workstations and other technical components.
  • On-call availability outside business hours.

Preferred Qualifications

  • Proficiency in digital forensics, malware analysis, and threat hunting.
  • Experience with threat intelligence platforms and attack frameworks.
  • Familiarity with Cloud security threat detection and monitoring best practices.