Direct Client: Cyber Security Incident Response at PA

DVI Technologies, Inc.
Pittsburgh, PA
20 Mar 2025

Vacancy expired!

Job Title: Team Lead, Cybersecurity Incident Response (CIRT)

Overall Purpose:The

Cybersecurity Incident Response Team (CIRT) is responsible for ensuring effective detection and response to all security incidents at Duquesne Light. CIRT operates as part of the Office of the CISO under the Cyber Security Operations and Engineering (“SecOps”) team. The SecOps team is responsible for ensuring that Duquesne Light corporate systems and networks are designed and operate in a secure manner that minimizes the risk to a level acceptable to management.

Responsibilities:
  • Lead and serve as a mentor for internal Threat Hunting, Incident Response, and Forensics, actively improving our capabilities
  • Partner with Cyber Security Operations and Engineering groups to improve operations, detection, response, and recovery
  • Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high priority or complex incidents
  • Drive continuous refinement and improvement of incident response processes, playbooks, and Standard Operating Processes (SOPs)
  • Grow and mature Threat Intelligence Program and applicability of detected threats to drive actionable intelligence
  • Identify gaps in visibility and detection methodologies. Regularly evaluate current log quality and content development strategies, identify new data sources to enrich logs and new threat detection logic
  • Provide incident metrics to other Cybersecurity and business leadership
  • Build and maintain relationships with IT and business stakeholders
  • Build and maintain relationships with local law enforcement and cyber defense authorities
  • Build and maintain relationships with key vendors
  • Participate in internal and/or external audits as required
  • Assist in developing and enhancing Cybersecurity strategy and roadmap
  • Collaborate with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing, and other detection security tools
  • Manage security tools and associated professional service contracts and deliver capabilities
  • Partner with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring and threat defense
  • Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Cybersecurity organization

Qualifications:
  • Experience in IT in the Information Security area
  • Demonstrated ability to lead technical teams and strategic projects
  • Strong communication and problem-solving skills
  • Development of incident response, operations processes, and playbooks
  • Understanding common security tools, instrumentation, and detection methodologies – EDR, SIEM, IDS/IPS, proxies, etc.
  • Understanding core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
  • Understanding of tools and techniques used by hackers to breach networks, server systems, cloud workloads, or applications
  • Demonstrated understanding of security-related technologies and practices including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network, and Host Incident Detection and Prevention, Data Loss Prevention, Data Security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, Application Security, etc.
  • Diverse technical background and exposure to enterprise networking, firewall, storage options, server infrastructure, operating systems, application development, database technologies, desktop operating systems and Cybersecurity
  • Deliver on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
  • Experience working in transmission and distribution operations services industry or other highly regulated and/or compliance-oriented environments
  • Exposure to security standards NIST Cyber Security Framework, NIST SP800-61 R2 and ISO/IEC 27035

Education / Experience Requirements:
  • Bachelor’s plus 5+ years industry experience. Team leadership preferred but previous supervisory experience not required.

Preference:
  • 3 + years of experience in leading Cybersecurity Operations, threat hunt, incident response, digital and/or network forensics, threat, and vulnerability management functions.

  • Prefer one or more relevant Cybersecurity certification such as CISSP, CISM, GCFE, GCIH, 3CCE, EnCE, OR digital forensics / incident response certification

Scope
  • Primary focus is on day-to-day management of operational execution for areas managed.
  • Trains and develops staff. Plans the workflow.
  • Directs available resources to accomplish process improvement.
  • Leads workflow changes and implementations for direct team.

Decision Impact
  • Problems and issues are undefined require detailed info gathering, analysis, and investigation to understand/resolve.
  • Makes decisions that address workflow issues considering immediate impact on own function or work unit.
  • ID: #49505142
  • State: Pennsylvania Pittsburgh 15201 Pittsburgh USA
  • City: Pittsburgh
  • Salary: Depends on Experience
  • Job type: Permanent
  • Showed: 2023-03-20
  • Deadline: 2023-05-12
  • Category: Et cetera