Security Operations - IR Lead

6-10 Years
Cyber Security

Job Description

The Security Operations - IR Lead will be responsible for detecting and responding to cyber security threats, partnering with global SOC teams, and acting as a liaison with stakeholders. Key duties include monitoring security systems, conducting in-depth incident investigations, developing response plans, and coordinating mitigation efforts. The role also involves documenting incidents, mentoring junior staff, staying current with threats, and driving tabletop exercises to enhance readiness. Proactive threat hunting, security system upgrades, and risk remediation are also crucial, along with generating security reports and ensuring compliance with standards.
Good To Have:
  • People Management experience.
Must Have:
  • Detect and respond to cyber security threats.
  • Partner with the internal SOC team and keep the CISO informed.
  • Monitor security systems and networks for breaches.
  • Conduct in-depth investigations into security incidents.
  • Develop and implement incident response plans.
  • Coordinate with cross-functional teams for incident mitigation.
  • Document incident response activities.
  • Stay current with emerging cybersecurity threats and vulnerabilities.
  • Define and drive tabletop exercises.
  • Perform proactive threat hunts.
  • Upgrade security systems and remediate risks.
  • 6-10 years' experience in security incident response, vulnerability management, or penetration testing.
  • Practical experience with threat detection, monitoring, and incident response implementation.
  • Ability to query and write detection rules.
  • Experience with SIEM (QRadar/Splunk), SOAR, WAF, AV, and firewalls.
  • Experience conducting technical analysis of security events, including malware analysis and digital forensics.
  • Excellent analytical and problem-solving skills.
  • Effective communication skills.
  • Bachelor’s degree in information security or related fields.
  • Experience in public cloud infrastructure (Azure, GCP, AWS).
  • Familiarity with security frameworks (NIST, ISO 27001/2).
  • Proven experience with vulnerability management products (Tenable, Qualys, Nexpose).
  • Demonstrated understanding of information security concepts (firewalls, intrusion prevention, TCP/IP, log management).


Responsibilities

  • Detect and respond to cyber security threats to ensure the organization operates securely.
  • Partner with the existing internal SOC teams worldwide and keep the CISO informed about security incidents.
  • Act as a liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients, or regulatory bodies.
  • Monitor security systems and networks for potential security breaches or incidents.
  • Conduct in-depth investigations into security incidents to determine the root cause and extent of the compromise.
  • Develop and implement incident response plans and procedures to contain, eradicate, and recover from security incidents.
  • Coordinate with cross-functional teams, including IT, legal, and senior management, to respond to and mitigate security incidents.
  • Document incident response activities, including findings, actions taken, and lessons learned, for future reference and improvement.
  • Provide guidance and mentor junior team members on the latest security trends and techniques.
  • Stay current with emerging cybersecurity threats, vulnerabilities, and trends to proactively enhance incident response capabilities.
  • Define and drive tabletop exercises and simulated incident scenarios to test and improve incident response readiness.
  • Run tabletop exercises for customers covering a range of incident response scenarios.
  • Collaborate with external partners, such as law enforcement and industry peers, to share threat intelligence and best practices.
  • Develop incident management plans and procedures, survey the networks for signs of a breach, and coordinate and execute tabletop exercises to practice and refine plans, policies, and procedures.
  • Perform proactive threat hunts to identify threats and assess the state of security controls; work with in-house red teams to detect offensive operations, and capture and action findings.
  • Upgrade security systems by monitoring the security environment, identifying security gaps, and evaluating and implementing enhancements.
  • Proactively identify threats and remediate risks.
  • Generate metrics for management as needed. Prepare system security reports by collecting, analyzing, and summarizing data and trends.
  • Define and participate in the implementation of on-premises and cloud architecture and security controls.
  • Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.

Qualifications

  • 6 – 10 years of proven experience in security incident response handling, vulnerability management, or penetration testing; a master's degree can be substituted for part of the experience requirement.
  • Practical experience with threat detection, monitoring, and incident response implementation; the ability to query and write detection rules; and management of security-related technologies (e.g., SIEM (QRadar/Splunk), SOAR, WAF, AV, firewalls, Internet-facing services).
  • Proven experience in cybersecurity incident response, including hands-on experience with incident detection, analysis, and response.
  • Experience conducting technical analysis of security events, including malware analysis, incident triage, escalation, communication, and digital forensics.
  • Excellent analytical and problem-solving skills, with the ability to think critically and make decisions under pressure.
  • Effective communication skills, both verbal and written, with the ability to convey technical information to non-technical stakeholders.
  • Familiarity with scripting for automation.
  • Strong expertise in gathering and condensing threat intelligence into actionable and meaningful communication materials.
  • Bachelor’s degree in information security or information technology or computer science or related fields.
  • Experience in public cloud infrastructure such as Microsoft Azure, GCP, AWS.
  • Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2.
  • Proven experience with vulnerability management products such as Tenable, Qualys, and Nexpose.
  • Demonstrated understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting.
  • Certifications such as CISM, CEH, GCIA, GCIH, CISSP or equivalent.
  • People Management experience is a plus.
  • Results-focused, with attention to detail.

Company: Blue Yonder. Category: Cyber Security. Location: India (Remote).
