
Director, Security Operations & Incident Response at Rgare

Rgare · London, United Kingdom · Remote


You desire impactful work.

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

A Brief Overview

Responsible for owning, developing and executing the standards, procedures, and processes used to monitor, maintain, and create detections. Owns and drives telemetry health monitoring to ensure existing monitoring and alerts perform as intended. Enables global Security Operations by participating in on-call rotations, alert triage, investigations, and engineering.

What you will do

  • Participates in 24/7 on-call rotation, alert triage, and investigations
  • Responsible for the entire Incident Response Lifecycle (readiness, training, response, command, post-mortem)
  • Utilizing the CI/CD pipeline, leads monitoring, maintaining, and optimizing existing detections to ensure high-fidelity, low-noise detections, inclusive of Detection Playbooks.
  • Supports the validation of security telemetry health and the identification of gaps in telemetry that may introduce risk to the organization. Owns, drives, and develops standards and process for validation of security telemetry.
  • Owns, drives, develops, and supports efforts to identify and close detection and telemetry gaps.
  • Leads and mentors team members and within the org in technical areas of monitoring and detection.
  • Acts as the subject matter expert in complex investigations or incidents.
  • Owns systemic issue mitigation initiatives across GSO.
  • Identifies emerging trends and threats and drives strategic and technical vision to address these threats.
  • Drives strategy regarding monitoring, maintaining, and optimizing existing detections to ensure high-fidelity, low-noise detections, inclusive of Detection Playbooks.
  • Defines metric and reporting initiatives to drive strategic business decisions and leadership situational awareness.
  • Perform other duties as assigned.

Qualifications

  • Bachelor’s degree or equivalent experience

Required

  • Ability to map and document complex processes and systems.
  • Advanced oral and written communication skills, demonstrating the ability to convey technical terminology that is meaningful and well received by all stakeholders, including customers and associates.
  • Deep understanding of industry best practice for security concepts around NIST frameworks.
  • Advanced experience with SSDLC frameworks.
  • Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
  • Ability to foster a teamwork and customer service focused environment
  • Advanced ability to employ methodologies for analyzing and improving business processes
  • 7+ years of hands-on experience in a Security Operations Center (SOC) or similar environment, with a focus on incident response, threat investigations or detection development
  • 7+ years of experience assessing security telemetry to identify and close visibility gaps to improve detection and investigation fidelity.
  • SME analytical skills with the ability to investigate activity across network, host, cloud, and identity platforms.
  • 7+ years of experience contributing to purple team exercises, including supporting risk hunting, telemetry validation, and detection efficacy
  • Experience developing and supporting cybersecurity metrics and reporting to support security operations.
  • 7+ years of experience creating automation workflows to scale security operations
  • Ability to quickly adapt to new methods, work under tight deadlines and stressful conditions
  • 7+ years of experience designing and implementing automation and workflows to scale security operations
  • Demonstrated ability to manage multiple priorities and deadlines in alignment with business needs, while maintaining a strong security posture and delivering high-quality deliverables
  • Advanced ability to translate business needs and problems into viable/accepted solutions

Technical Requirements

  • General knowledge of SIEM/SOAR technology (Splunk, CrowdStrike, Sentinel, etc.)
  • EDR Platforms (CrowdStrike, Microsoft Defender, etc.)
  • Network and client / server technologies and standards
  • Malware prevention and remediation
  • Advanced knowledge of Cloud Computing Security (AWS, Azure, GCP)
  • IAM/AAA technologies and architectures (Entra/Active Directory, Okta, OpenID, SAML, OAuth, JWT, LDAP)
  • M365 Suite and Environments
  • Forensic tools (FTK, Encase, X-Ways, SIFT)
  • ServiceNow
  • Advanced email security concepts

What you can expect from RGA:

  • Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

  • Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

  • Join the bright and creative minds of RGA, and experience vast, endless career potential.
