Are you looking for a full-time, remote Cyber Security Operations Team Lead opportunity with a world-class financial institution? If so, this is the opportunity for you!
Responsibilities:
* Lead a team of cybersecurity professionals in their day-to-day work detecting and responding to cybersecurity events, and support their career development and growth.
* Report to the manager of Cyber Security Operations and maintain the library of detection and response runbooks.
* Act as an expert across many cybersecurity domains: assist and train analysts, work with them to complete complex investigations, and drive continuous improvement for the team.
* Work both independently and as the leader of collaborative teams to deliver complex projects.
* Maintain metrics on cybersecurity events and prepare post-incident communications and reports.
* Contribute to Cyber Security Operations policies and procedures.
* Define and lead projects in support of security detection and response strategy and process.
* Testify in court when required.
* Participate in an on-call rotation as needed.
* Provide timely response to cybersecurity threats, incidents, and requests for investigation using industry-leading tools and practices.
* Develop playbooks and automation for repeatable tasks to speed investigation and deliver accurate, consistent responses to security events.
* Provide expert forensic analysis to support investigations and regulatory requests from business units.
Knowledge of:
* Legal and regulatory requirements for financial services
* Leadership principles
* Log analysis and forensic investigation
* Cybersecurity policies, standards, procedures, and processes
* A wide variety of enterprise IT systems, such as operating systems, directory services, cloud services, mobile device management, virtualization, network devices, network protocols, web servers, databases, firewalls, etc.
* Host and memory forensics on Windows, macOS, and Linux
* Advanced log analysis
* How threat actors target, exploit, and behave within a compromised network
* How systems get infected and common malware behavior
* Cyber Threat Intelligence (CTI) and Indicators of Compromise (IoCs)
* Amazon Web Services and Azure logging methods
Skills and Abilities:
* Demonstrated group and project leadership skills
* Lead incident response and computer forensics investigations
* Support other investigations (HR, Legal, compliance, regulator requests, etc.)
* Strong oral and written communication
* Document investigative and research findings
* Coordinate efforts among Legal, Human Resources, corporate compliance, law enforcement, and outside information security emergency handling agencies
* Investigate account takeover and other attacks against web-based services
* Review alerts and log data from a wide variety of sources
* Evaluate operating system logs, application logs, and data from firewalls, IPS, sandboxing, host security, network devices, vulnerability management, DLP, network forensics, etc.
* Complete forensic investigations of hosts, mobile devices, memory, etc.
* Hunt for security events in large data sets
* Collect and preserve evidence following industry best practices and established procedures
* Lead gap assessments, upgrade paths, bug fixes, and necessary workarounds for new IT security issues
Required Education and Experience:
* Experience in incident response, computer forensics, or security engineering; related technical, IT, or digital investigative experience will also be considered toward this requirement
* Outstanding collaboration, problem-solving, and negotiation skills
* Proven strategic thinking skills to solve complex enterprise and business challenges
* Proven ability to lead cybersecurity teams
* Management of cybersecurity cases and incidents
* Writing of enterprise policies, standards, procedures, processes, and runbooks
Preferred Education and Experience:
* Scripting using Python or PowerShell
* Security Information and Event Management (SIEM)
* Log management and log analysis
* Cybersecurity case management
* Endpoint security tools such as: antivirus, data loss prevention, endpoint detection and response, forensic analysis, etc.
* Vulnerability management
* Host and memory forensics on Windows, macOS, and Linux
* Cloud infrastructures such as AWS or Azure
* Certified Information Systems Security Professional (CISSP)
* Certified Cloud Security Professional (CCSP)
* Splunk Enterprise Certified Admin
* AWS Certified Security - Specialty
* Certified Forensic Computer Examiner (CFCE)
* GIAC Certified Incident Handler (GCIH)
* GIAC Certified Enterprise Defender (GCED)
* CompTIA Advanced Security Practitioner (CASP)
* GIAC Security Expert (GSE)
* Certified Ethical Hacker (CEH) or Computer Security Incident Handler (CSIH)
* GIAC Certified Forensic Analyst (GCFA)
* GIAC Network Forensic Analyst (GNFA)
* GIAC Certified Intrusion Analyst (GCIA)
* GIAC Security Essentials (GSEC)
* Project Management Professional (PMP)
* Systems Security Certified Practitioner (SSCP)
* CompTIA Security+
* EnCase Certified Examiner (EnCE)
* AccessData Certified Examiner (ACE)
To fast-track your application, please apply directly to this posting or contact me (Samul Murray) at firstname.lastname@example.org