- Monitor and respond to information security incidents and support the Information Security & Compliance team in security investigations leveraging insourced and outsourced tools and services.
- Build and analyze reports compiled from various security tools to identify and anticipate patterns of attack and manage and report on the overall threat landscape.
- Work with Security Engineering and Operations team to build, maintain and operate the Security Operations Center and blend information gathered from internal knowledge, professional network and Managed Security Service Providers.
- Develop and maintain the Incident Response plan including procedures for incident response, forensic investigation and mitigation of security events.
- Track and report metrics which may include Mean Time to Detection (MTTD), Mean Time to Resolution (MTTR), total alerts/incidents per month, types of alerts/incidents, escalation breakdown, significant SNOW tickets, and others as required.
- Review and document security related change requests and advise management on approval decisions.
- Respond to alerts, perform remedial actions, and prioritize, investigate, and escalate responses according to the client Incident Response Policy and client Incident Playbooks.
- Collaborate with peers across affiliate companies to share incident information, solutions, and best practices.
- Maintain technical currency and continuously leverage opportunities to strengthen skills and broaden expertise.
- Experience in working with security operations tools including anti-malware, AV, IPS/IDS, SIEM, CASB, SSO, MFA, Spam filtering, DLP.
- Experience in managing and operating vulnerability/patch management processes and tools.
- Experience with security industry standards (ISO 27001, NIST Cybersecurity Framework) and best practices.
- Experience working across teams to prevent, identify, and effectively recover from security incidents.
- Proven experience identifying vulnerabilities, anticipating threats, and leveraging a practical approach to reduce the likelihood or impact of a breach.
- Experience developing automated response through Azure workbooks and automation (preferred).
- Security tool experience (Carbon Black, Netskope, Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Compliance, or similar) (preferred).
- PCI compliance experience (knowledge of how to secure infrastructure, systems, and applications for PCI compliance) (preferred).
- Cloud experience securing workloads, network security groups, and VMs in Microsoft Azure.