Job Description :
Responsibilities:
* This role will serve as Incident Response Lead and will be responsible for directing the operations of the SOC and ensuring policies, procedures, and objectives align with optimal identification, prioritization, investigation, and resolution of security incidents.
* The Lead will evolve the incident response program that aligns with the enterprise incident management framework and includes incident detection, analysis, containment, eradication, recovery and forensic artifacts required for additional investigations.
* Key functions include security operations center, incident response, electronic investigations (including eDiscovery, forensics, and legal holds), cybersecurity threat intelligence, and law enforcement liaison within IT, red teaming, advanced threat hunting, insider threat and security tool operations.
* This leader develops strategies for all security incident management technology to allow for change and growth; ensuring solutions are fully leveraged. This leader will also coach, mentor, motivate and strategically develop their current team of professionals and partners.
* Lead 24x7 SOC teams providing operational and strategic planning, including fostering innovation, planning projects, and organizing and negotiating the allocation of resources.
* Coordinate with different security teams like Endpoint security, Network Security, IDAM, O365 etc. for incident contextualization, deep investigation and Incident response
* Ensure timely reporting of metrics, security control gaps, and vulnerabilities to leadership by providing quantitative insight into security posture.
* Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures
* Hands-on experience finding and responding to advance persistent cyber-attacks (APT) in a global network setting
* Change agent with ability to drive accountability & outcomes across a diverse threat landscape
* Serve as a strong cross-functional team player with ability to lead and coach others in a matrix structure, across time zone and national boundaries.
Must Possess:
* 8-12 years in IT related roles and 6-8 years of experience in at least two security operations disciplines within an enterprise scale environment (such as tier 3/4 incident management, cyber threat analyst, cyber intelligence analyst, cyber investigation)
* Experience with SOC incident response and management including 24x7x365 continuous monitoring, detection and analysis of potential intrusions in real-time
* Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
* Knowledge in engineering and architecting Security Incident & Event Management (SIEM) technology solutions and how to correlate from multiple data sources
* Experience and knowledge on SOAR platform, Threat Intelligence services and platform
* Experience with attacks and mitigation methods, with experience working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, iOS, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.