Vacancy expired!
Our client has an immediate need for a
Cyber Security Incident Response Team Lead, who will be responsible for ensuring effective detection and response to all security incidents.
Requirements:
- Bachelor's degree
- 5+ years of industry experience
- Experience in IT in the Information Security area
- Demonstrated ability to lead technical teams and strategic projects
- Experience with development of incident response, operations processes, and playbooks
- Understanding of common security tools, instrumentation, and detection methodologies (EDR, SIEM, IDS/IPS, proxies, etc.)
- Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
- Understanding of tools and techniques used by attackers to breach networks, server systems, cloud workloads, or applications
- Understanding of security-related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and host incident detection and prevention, Data Loss Prevention, data security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, application security, etc.
- Diverse technical background and exposure to enterprise networking, firewall, storage options, server infrastructure, operating systems, application development, database technologies, desktop operating systems and Cybersecurity
- Experience delivering on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
- Experience working in the transmission and distribution operations services industry or other highly regulated and/or compliance-oriented environments
- Experience with and exposure to security standards: NIST Cyber Security Framework, NIST SP 800-61 R2, and ISO/IEC 27035
- Team leadership is a plus
- 3+ years of experience leading Cybersecurity Operations, threat hunting, incident response, digital and/or network forensics, and threat and vulnerability management functions is a plus
- Cybersecurity certification such as CISSP, CISM, GCFE, GCIH, 3CCE, EnCE, or a digital forensics/incident response certification is a plus
Responsibilities:
- Leading and serving as a mentor for internal Threat Hunting, Incident Response, and Forensics, actively improving our capabilities
- Partnering with Cyber Security Operations and Engineering groups to improve operations, detection, response, and recovery
- Driving end-to-end Cybersecurity incident response activities, serving as an escalation point for high-priority or complex incidents
- Driving continuous refinement and improvement of incident response processes, playbooks, and Standard Operating Procedures (SOPs)
- Growing and maturing the Threat Intelligence Program and applying detected threats to drive actionable intelligence
- Identifying gaps in visibility and detection methodologies; regularly evaluating current log quality and content development strategies, and identifying new data sources to enrich logs and new threat detection logic
- Providing incident metrics to other Cybersecurity and business leadership
- Building and maintaining relationships with IT and business stakeholders
- Building and maintaining relationships with local law enforcement and cyber defense authorities
- Building and maintaining relationships with key vendors
- Participating in internal and/or external audits as required
- Assisting in developing and enhancing Cybersecurity strategy and roadmap
- Collaborating with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing, and other detection security tools
- Managing security tools and associated professional service contracts and delivering capabilities
- Partnering with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring, and threat defense
- Contributing to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Cybersecurity organization
- ID: #49572566
- State: Pennsylvania Pittsburgh 15201 Pittsburgh USA
- City: Pittsburgh
- Salary: Depends on Experience
- Job type: Permanent
- Showed: 2023-03-28
- Deadline: 2023-05-22
- Category: Et cetera