Cyber Security Lead : Defy Security

ShiftCode Analytics

Cyber Security Lead/Data Forensic/Incident Response Engineer/Supervisor/Lead

Must have people management or supervisory experience.

Summary of the requirements:

  • Apply knowledge of attack signatures and of the tactics, techniques and procedures (TTPs) associated with advanced threats
  • Lead the investigation, coordination, resolution and reporting of security incidents as they are escalated or identified
  • Supervise the DFIR (Data Forensic Incident Response) incident handler/analyst team
  • Forensically analyze end-user systems and servers found to have possible indicators of compromise
  • Provide engineering and administration for all tools supporting the DFIR mission
  • Perform complex analysis of artifacts collected during a security incident or forensic examination
  • Identify security incidents through threat-hunting operations within a SIEM and other relevant tools, partner organizations and technologies
  • Work with server owners, system custodians and IT contacts to carry out incident response activities, including obtaining access to systems, collecting digital artifacts, and performing containment and/or remediation actions
  • Provide expert consultation and assessment on perceived security threats
  • Maintain, manage, improve and update security incident process and protocol documentation
  • Regularly provide reporting and metrics on casework
  • Provide subject-matter-expert (SME) level resolution of security incidents by identifying root cause and solutions
  • Analyze investigative findings and develop fact-based reports

Qualifications:

  • Bachelor's degree in information security, information technology or a related field, or an equivalent combination of education and experience in information security within a large, highly regulated enterprise.
  • Minimum of eight (8) years of work experience in the cyber security field.
  • Minimum of three (3) years of prior incident response / Security Operations Center team lead experience.
  • Minimum of two (2) years of prior security analysis experience.
  • Knowledge of security response operations and of the software, equipment and processes used for threat identification and forensic analysis.
  • Technical proficiency in digital forensics and security incident response.
  • Ability to identify threat vectors and security incidents, to remediate or coordinate remediation of a security incident, and to develop documentation supporting the security incident response process.
  • Demonstrated integrity and judgment within a professional environment.
  • Ability to appropriately balance work and personal priorities.
  • Experience configuring and managing security systems.
  • Experience configuring and managing Unified Threat Management (UTM) devices.
  • Experience using threat intelligence platforms for continuous monitoring.
  • Experience using vulnerability management and scanning tools and producing useful output for senior management.
  • Strong host-based security experience.
  • Ability to leverage host-based security systems to perform proper incident investigations and resolution.
  • Strong knowledge of filesystems and malware behavior.
  • Experience using network and host forensics tools for incident response.
  • Knowledge of the cyber threat landscape and advanced persistent threat (APT) groups.
  • Knowledge of the Cyber Kill Chain and ability to identify incident types and the stage of the attack lifecycle.
  • Knowledge of the change management process and experience proposing and presenting changes to the enterprise infrastructure.

Supervisory Responsibility:

This role will supervise employees.

Licenses and Certifications:

Must hold at least two (2) information security certifications from a reputable security organization. Desirable certifications include, but are not limited to, GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP or equivalent.
