5-8 years of hands-on IT security experience, particularly in Security Incident Management.
Strong analytical and problem-solving skills with a focus on decision-making capabilities.
Exceptional communication skills, both written and verbal, to liaise with technical and non-technical stakeholders.
Demonstrated experience in managing multiple projects in fast-paced, geographically diverse environments.
Broad understanding of security operations, including various security devices and threat intelligence.
Expertise in at least one or two cyber areas, such as incident investigation and Security Operations Center (SOC).
Ability to work effectively in cross-functional global teams, with a good grasp of offshore collaboration.
Responsibilities
Collaborate with security and IT professionals to devise innovative attack prevention strategies.
Lead proactive monitoring to analyze and respond to cyber threats and manage Risk and Compliance Dashboards.
Conduct thorough research into emerging information security threats.
Develop programs and scripts for various security initiatives alongside technical documentation.
Work closely with SIEM engineers to create security use cases and establish correlation queries and reports.
Identify and track evolving threat actors and their tactics, techniques, and procedures (TTP).
Participate in after-hours on-call support for critical incident management.
Benefits
Professional development opportunities through collaboration and mentorship.
Access to cutting-edge security technologies and methodologies.
Ability to lead and influence security strategies within a global team.
Opportunities for cross-functional teamwork and exposure to diverse security challenges.
Full Job Description
Job Title: Security Technical Lead
Location(s): Fort Mill, SC
Required Skills
Excellent analytical, problem-solving and decision-making capabilities.
Excellent verbal, written and presentation communication skills.
Experience in managing multiple projects, deadlines, and resources.
Broad experience working in and/or supervising security operations.
Experience working in a geographically diverse and fast-paced environment.
Understanding of current information security challenges and solutions; industry trends.
Experience leading cross functional teams, preferably as part of a global team.
Extensive knowledge of security devices such as firewalls, intrusion detection systems, AV systems, spam systems, event correlation devices, log file analyzers etc.
Understanding of ever-evolving Security information such as Threat Intelligence, IT vulnerabilities, Compromise methodology, and Indicators of Compromise.
Ability to explain findings to non-technical professionals and management and be able to work under pressure in time of critical or emergency situations with attention to detail and accuracy.
Problem Solver - Set examples to team e.g. how to create an exec report, how to create a runbook that can withstand customer scrutiny.
Technical - Needs to be an expert and hands on technical on at least one or two cyber areas such as incident investigation, SOC and VM.
Good Analytics skills.
Understand offshore model - Good communicator to work with offshore.
Solutioning - Knowing when the customer requires a technology transformation and getting ahead of the ask, connecting the dots with our internal experts and solutioning team to shape the solution.
Detailed Job Responsibilities
Collaborate with other information security and IT professionals to develop and implement innovative strategies for monitoring and preventing attacks.
Lead team to conduct proactive monitoring, logging and alerting to analyze, correlate, and respond to cyber-attacks, threat intelligence and ability to define Risk and Compliance Dashboards.
Conduct research on emerging information security threats.
Develop programs and scripts for various security initiatives.
Create technical documentation around the content deployed to the SIEM.
Collaborate with SIEM engineers to develop specific content necessary to implement security use cases and transform into correlation queries, reports, rules, alerts from Checkpoint Firewalls, Security IDS, Symantec Enterprise Protection, etc.
Execute content management and change management procedures.
Identify emerging threat actors and track existing actors as their tactics, techniques and procedures (TTP) evolve.
Participate in after-hours on-call for Critical incident management.
Participate in technology remediation efforts through cross functional teams & across business units.
Collaborate with team to have configuration, testing, integration tasks related to SIEM platform. Perform and guide forensic analysis in response to security incidents. Plan for live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and compromised infrastructure components.
Understand Network, Wireless, Mobile Device, and Wan/Lan infrastructure device architecture and associated Security integration for proactive Threat Management.
Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
Supports and mentor's other members of the team. Help to troubleshoot issues with log sources or systems with vendor, and report system defects as needed.
Nice to have skills
Master-Level understanding and hands-on experience in SIEM concepts such as correlation, normalization, aggregation and parsing.
Master-Level understanding of Cyber Security Operations, Incident Response processes
Master-Level understanding of enterprise logging standards, with a focus on application logging
Master-Level understanding of regular expressions and development of custom Parsers in SIEM
Master-Level in Intrusion Detection Systems and Analysis tools.
Experience in performing vulnerability assessments and penetration tests. Ability to administer the operations of a security infrastructure.
Extensive experience in creating reports, rules, alerts and dashboards in SIEM.
Knowledge of networking, web related protocols, SIEM best practices, processes and workflows.
Experience in Mobile Device protection.
Experience in integration of email security on widely accepted email platforms.
Industry expertise
6-8 years hands on IT security experience with Security Incident Management and Security Operations (SIEM technologies, AV, IDS, IPS, Vulnerability Management).
