- Professional
- Office in Hyderabad
Responsibilities
· Detect and respond to cyber security threats to ensure your organization operates securely.
· Partner with the existing internal SOC team across the world and keep the CISO informed about security Incidents.
· Act as a liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients, or regulatory bodies.
· Monitor security systems and networks for potential security breaches or incidents.
· Conduct in-depth investigations into security incidents to determine the root cause and extent of the compromise.
· Develop and implement incident response plans and procedures to contain, eradicate, and recover from security incidents.
· Coordinate with cross-functional teams, including IT, legal, and senior management, to respond to and mitigate security incidents.
· Document incident response activities, including findings, actions taken, and lessons learned, for future reference and improvement.
· Provide guidance to and mentor junior team members on the latest security trends and techniques.
· Stay current with emerging cybersecurity threats, vulnerabilities, and trends to proactively enhance incident response capabilities.
· Define and Drive tabletop exercises and simulated incident scenarios to test and improve incident response readiness.
· Run tabletop exercises for customers covering a range of incident response scenarios.
· Collaborate with external partners, such as law enforcement and industry peers, to share threat intelligence and best practices.
· Develop incident management plans and procedures, survey the networks for signs of a breach, and coordinate and execute tabletop exercises to practice and refine plans, policies, and procedures.
· Perform proactive threat hunts to identify threats and assess the state of security controls; work with in-house red teams to detect offensive operations, and capture and action findings.
· Upgrade security systems by monitoring the security environment, identifying security gaps, and evaluating and implementing enhancements.
· Proactively identify threats and remediate risks.
· Generate metrics for the Management as needed. Prepare system security reports by collecting, analyzing, and summarizing data and trends.
· Define and participate in the implementation of on-prem and cloud architecture and security controls.
· Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
Qualifications
· 6 – 10 years of proven experience in Security incident response handling, Vulnerability Management or Penetration testing; a master’s degree can be substituted for experience.
· Practical experience with threat detection, monitoring, incident response and implementation; ability to query and write detection rules; and management of security-related technologies (e.g., SIEM (QRadar / Splunk), SOAR, WAF, AV, firewalls, Internet-facing services).
· Proven experience in cybersecurity incident response, including hands-on experience with incident detection, analysis, and response.
· Experience conducting technical analysis of security events including Malware analysis, incident triage, escalation, communication, and digital forensics.
· Excellent analytical and problem-solving skills, with the ability to think critically and make decisions under pressure.
· Effective verbal and written communication skills, with the ability to convey technical information to non-technical stakeholders.
· Familiarity with scripting for automation.
· Strong expertise in gathering and condensing threat intelligence into actionable and meaningful communication materials.
· Bachelor’s degree in information security or information technology or computer science or related fields.
· Experience in public cloud infrastructure such as Microsoft Azure, GCP, AWS.
· Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2.
· Proven experience with vulnerability management products such as Tenable, Qualys, Nexpose, etc.
· Demonstrated understanding of information security concepts, standards, and practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, log management, and event monitoring/reporting.
· Certifications such as CISM, CEH, GCIA, GCIH, CISSP or equivalent.
· People Management experience is a plus.
· Results-focused with strong attention to detail.
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.