Overview
The PennyMac Information Security department is looking to bring on an incident response lead to drive our SOC technology, processes, and capability development efforts.
Job Description
- Design, implement, and maintain security technologies related to incident response, forensics, orchestration, and automated response.
- Manage the Cybersecurity Incident Response Plan and associated processes and playbooks to maintain the incident response capability knowledge base.
- Lead threat hunting capability including the implementation of technology and operationalization of standard techniques.
- Provide support for the implementation of security data lake and SIEM technology.
- Identify system and process vulnerabilities and drive remediation of findings.
- Lead incident response exercises from creation through execution, tracking, and documentation.
- Lead initiatives focused on process improvement, risk mitigation, and security metric development and reporting.
- Engineer cybersecurity systems to automate incident response playbooks and cybersecurity monitoring.
- Work cross-functionally with infrastructure, database, cloud, application, and other relevant technical teams to drive incident analysis, containment, eradication, and post-incident activity.
- Participate in and provide support during high priority cybersecurity incidents.
- Mentor junior staff to develop understanding of cybersecurity technology and incident response.
- Participate in the development of comprehensive multi-year cybersecurity strategies with technical implementation guidance.
- Provide thought leadership for architecting solutions to critical enterprise and cybersecurity initiatives.
Ideal Candidate will have the following:
- Bachelor's Degree from an accredited college or equivalent work experience.
- 5+ years of relevant work experience.
- Strong understanding of all phases of security incident handling and forensics including probing and attack methods, network/service discovery, system assessment, threat containment/eradication, and conducting retrospectives to drive operational improvement.
- Strong understanding of cybersecurity attack surface management technologies and processes.
- Strong understanding of network technologies including TCP/IP, IDS/IPS, firewalls, LAN, WLAN, and WAN.
- Expert understanding of AWS IaaS/PaaS, Linux, Windows Server, Windows Desktop, VMware, and macOS (in order of importance) secure configuration management and security controls.
- Experience operating SIEM technology and providing feedback to engineering teams to continually improve technology capabilities.
- Experience mitigating and addressing threat vectors including advanced persistent threats, denial-of-service, phishing, malware, unauthorized access, and employee policy violations.
- Desired: approximately 3+ years of experience in Python and/or other scripting languages.
- Desired experience with container and VM hardening.
- Desired experience in database administration, SQL, and data security.
- Strong written and verbal communication.
- Ability to self-start and spearhead initiatives with minimal direction and oversight.
Years of Experience:
7
Education:
Bachelor's Degree