Incident Response Lead – IT, Cybersecurity Fusion Center

United States - California - Foster City | Information Technology | Regular

Job Description

POSITION SUMMARY

As a Cyber Security Incident Response Lead, you will be at the forefront of our organization's defense against Cyber threats. This hands-on technical role requires a seasoned Cybersecurity professional with extensive experience in Threat detection & Incident response, a strategic mindset, and the ability to guide and mentor other response teams. Your core role will be to orchestrate the response to complex cybersecurity incidents, ensuring effective mitigation strategies, and contributing to the enhancement of our overall cyber resilience. A key responsibility is to continually assess security monitoring effectiveness and to make recommendations to improve Cyber Security Incident Response capabilities. This position reports to the Director of Cyber Fusion Center (Global Cyber Security Operations) and works closely with key stakeholders in incident response roles company wide.

Office Location: Foster City, CA

ESSENTIAL JOB FUNCTIONS

  • Extensive knowledge and experience in handling Cyber Security threats and Incident response activities including Detection, Triage, Investigation, Remediation and Recovery from security issues.

  • Extensive experience as Security Incident commander, leading security investigations while liaising with IT Operations, legal, and business teams through security incidents

  • Extensive experience with designing, implementing, and optimizing a Security Incident Response process

  • Extensive experience with designing and implementing SOC and IR technologies including SIEM, EDR, UEBA, among other capabilities

  • Monitor security events to detect threats and analyze situations in context to detect advanced threats.

    • Alerts analysis

    • Investigate Incidents

    • Analyze Malware

  • Develop Security Operations Center detection tools, rules and intelligence to improve detection & investigation efficiency of the Center.

  • Assess new technologies, test them in a lab environment, and propose them for SOC improvement.

  • Operate Security Operations Center devices to ensure high availability and security.

  • Maintain and operate SOC network, systems, workstations and other technical components.

  • On-call availability outside business hours.

REQUIRED SKILLS & JOB QUALIFICATIONS

  • Minimum of 8 years of IT experience with progressive responsibilities, including at least 5 years of Cyber Security experience.

  • Security professional with a strong technical background in Cyber Security, Windows / Linux, Network Security, Security Operations Center (SOC), Cloud Security (AWS, Azure), MITRE ATT&CK or similar frameworks, Threat Analysis, IT Operations and Incident response

  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience.

  • Ability to create or review procedures for protection of systems and applications.

  • Knowledge of information security principles, concepts, practices, systems software, database software, and immediate access storage technology to carry out activities relating to security certification and accreditation.

  • Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.

  • Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach.

  • Experience with security tools and platforms including SIEM, IPS/IDS, Endpoint and Server protection, Network protection, Firewalls, etc.

  • Extensive experience in Cyber threat and vulnerability analysis and remediation.

  • Forensic examination and data preservation.

  • Significant experience doing internal and external penetration testing (red / blue / purple team experience)

  • Very strong security awareness and knowledge.

  • Strong understanding of key infrastructure systems (Active Directory, Windows/Linux, Databases, Cloud systems)

  • Ability to multitask and manage multiple topics and demands concurrently.

  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management.

  • Prior working experience in a Pharmaceutical company is a plus.

  • Performs other duties as assigned.

Preferred Skills:

Proficiency in digital forensics, malware analysis, and threat hunting.

Experience with threat intelligence platforms and attack frameworks.

Familiarity with Cloud security threat detection and monitoring best practices.

EDUCATION & CERTIFICATION

  • High School Degree and Twelve Years Experience OR Associate's Degree and Ten Years Experience OR Bachelor's Degree and Eight Years Experience OR Master's Degree and Six Years Experience OR PhD

  • Information Security Certification (CISSP, GSEC, GPEN, CEH, etc.) or other related security certification is highly desired.

  • Microsoft, AWS, Linux, Unix, and Cisco certifications would be an asset

People Leader Accountabilities:

  • Create Inclusion - knowing the business value of diverse teams, modeling inclusion, and embedding the value of diversity in the way they manage their teams.

  • Develop Talent - understand the skills, experience, aspirations and potential of their employees and coach them on current performance and future potential. They ensure employees are receiving the feedback and insight needed to grow, develop and realize their purpose.

  • Empower Teams - connect the team to the organization by aligning goals, purpose, and organizational objectives, and holding them to account. They provide the support needed to remove barriers and connect their team to the broader ecosystem.