The PennyMac Information Security department is looking to bring on an incident response lead to drive our SOC technology, processes, and capability development efforts.
- Design, implement, and maintain security technologies related to incident response, forensics, orchestration, and automated response.
- Manage the Cybersecurity Incident Response Plan and associated processes and playbooks to maintain the incident response capability knowledge base.
- Lead threat hunting capability including the implementation of technology and operationalization of standard techniques.
- Provide support for the implementation of security data lake and SIEM technology.
- Ability to identify system and process vulnerabilities and drive remediation of findings.
- Lead incident response exercises from creation, execution, tracking, and documentation.
- Lead initiatives focused on process improvement, risk mitigation, and security metric development and reporting.
- Engineer cybersecurity systems to automate incident response playbooks and cybersecurity monitoring.
- Work cross-functionally with infrastructure, database, cloud, application, and other relevant technical teams to drive incident analysis, containment, eradication, and post-incident activity.
- Participate and provide support during high priority cybersecurity incidents.
- Mentor junior staff to develop understanding of cybersecurity technology and incident response.
- Participate in the development of comprehensive multi-year cybersecurity strategies with technical implementation guidance.
- Provide thought leadership for architecting solutions to critical enterprise and cybersecurity initiatives.
Ideal Candidate will have the following:
- Bachelor's Degree from an accredited college or equivalent work experience.
- 5+ years of relevant work experience.
- Strong understanding of all phases of security incident handling and forensics including probing and attack methods, network/service discovery, system assessment, threat containment/eradication, and conducting retrospects to drive operational improvement.
- Strong understanding of cybersecurity attack su5+ rface management technologies and processes.
- Strong understanding of network technologies including TCP/IP, IDS/IPS, firewalls, LAN, WLAN, and WAN.
- Expert understanding of AWS IaaS/PaaS, Linux, Windows Server, Windows Desktop, VMWare, and MacOS (in order or importance) secure configuration management and security controls.
- Experience operating SIEM technology and providing feedback to engineering teams to continually improve technology capabilities.
- Experience mitigating and addressing threat vectors including advanced persistent threats, denial-of-service, phishing, malware, unauthorized access, and employee policy violations.
- Desired approximately 3+ years of experience in Python and/or other scripting languages.
- Desired experience with container and VM hardening.
- Desired experience in database administration, SQL, and data security.
- Strong written and verbal communication.
- Ability to self-start and spearhead initiatives with minimal direction and oversight.
Years of Experience: