Cyber Security Incident Response Team Lead

28 Mar 2024


Our client has an immediate need for a Cyber Security Incident Response Team Lead, who will be responsible for ensuring effective detection of and response to all security incidents.

Requirements:
  • Bachelor’s degree
  • 5+ years of industry experience
  • Experience in IT in the Information Security area
  • Demonstrated ability to lead technical teams and strategic projects
  • Experience developing incident response and operations processes and playbooks
  • Understanding of common security tools, instrumentation, and detection methodologies (EDR, SIEM, IDS/IPS, proxies, etc.)
  • Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
  • Understanding of the tools and techniques used by attackers to breach networks, server systems, cloud workloads, or applications
  • Understanding of security-related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and host incident detection and prevention, data loss prevention, data security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, application security, etc.
  • Diverse technical background and exposure to enterprise networking, firewalls, storage options, server infrastructure, operating systems, application development, database technologies, desktop operating systems, and cybersecurity
  • Experience delivering on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
  • Experience working in the transmission and distribution operations services industry or other highly regulated and/or compliance-oriented environments
  • Experience with and exposure to security standards: NIST Cyber Security Framework, NIST SP 800-61 R2, and ISO/IEC 27035
  • Team leadership is a plus
  • 3+ years of experience leading cybersecurity operations, threat hunting, incident response, digital and/or network forensics, and threat and vulnerability management functions is a plus
  • Cybersecurity certification such as CISSP, CISM, GCFE, GCIH, 3CCE, EnCE, or a digital forensics/incident response certification is a plus

Responsibilities:
  • Leading and serving as a mentor for internal Threat Hunting, Incident Response, and Forensics, actively improving our capabilities
  • Partnering with Cyber Security Operations and Engineering groups to improve operations, detection, response, and recovery
  • Driving end-to-end Cybersecurity incident response activities, serving as an escalation point for high-priority or complex incidents
  • Driving continuous refinement and improvement of incident response processes, playbooks, and Standard Operating Procedures (SOPs)
  • Growing and maturing the Threat Intelligence Program and applying detected threats to drive actionable intelligence
  • Identifying gaps in visibility and detection methodologies; regularly evaluating current log quality and content development strategies, and identifying new data sources to enrich logs and new threat detection logic
  • Providing incident metrics to other Cybersecurity and business leadership
  • Building and maintaining relationships with IT and business stakeholders
  • Building and maintaining relationships with local law enforcement and cyber defense authorities
  • Building and maintaining relationships with key vendors
  • Participating in internal and/or external audits as required
  • Assisting in developing and enhancing Cybersecurity strategy and roadmap
  • Collaborating with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing, and other detection security tools
  • Managing security tools and associated professional service contracts and delivering capabilities
  • Partnering with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring, and threat defense
  • Contributing to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Cybersecurity organization

How to Apply: To submit your application, please click the “Apply Now” button located at the top and bottom of the page.

ConsultUSA is committed to providing equal employment opportunities (EEO) to all qualified employees and applicants for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, age, disability, genetic information, marital status, pregnancy, ancestry, or status as a covered veteran, as well as any other prohibited criteria under any applicable federal, state, and local laws applicable to ConsultUSA.

For a complete listing of all ConsultUSA jobs, please visit www.consultusa.com

  • ID: #49572566
  • State: Pennsylvania (Pittsburgh 15201, USA)
  • City: Pittsburgh
  • Salary: Depends on Experience
  • Job type: Permanent
  • Showed: 2023-03-28
  • Deadline: 2023-05-22
  • Category: Et cetera