Posted: 2 months ago
Work from Office
Full Time
- Demonstrated ability to prioritize and analyze security events, enabling swift decision-making on appropriate courses of action and initiating timely and proportional responses
- Expertise in conducting and driving analysis and investigation of cybersecurity incidents
- Experience articulating technical findings and creating detailed incident reports
- Extensive experience in leveraging security tools such as SIEM, EDR, web proxy and email security tools
- Experience driving security projects from requirements gathering to completion
- Hands-on experience with cloud environments (AWS, Azure, GCP) and performing security investigations in them
- Digital Forensics and Incident Response (DFIR) skills
- Ability to query using query languages such as SPL, SQL, KQL
- Threat hunting experience or previous red/purple team experience (practical or lab based)
- Ability to communicate effectively and possess excellent prioritization skills
- Ability to automate tasks and code solutions to repetitive problems (Python, PowerShell, Bash)
What you will do:
- Conduct daily investigation of security events and incidents end to end
- Serve as a subject matter expert in driving incident response and be the primary decision-maker for your geographic region, overseeing various aspects of incident response
- Provide detailed notes and reporting for all security events and incidents analyzed
- Provide mentorship and guidance to the rest of the team
- Regularly drive and participate in team uplift projects, enhancing or building new capabilities
- Create runbooks and playbooks for repeatable tasks
- Build and implement tools to automate security monitoring and tasks
- Threat hunting: hunt for malicious activity, misconfigurations, and other anomalous activity
- Drive automation initiatives, enhancing analyst capabilities and workflows while eliminating monotonous tasks
- Develop innovative and cutting-edge detection content aligned with ATT&CK, the Cyber Kill Chain, and various other cyber security frameworks
- Bring your own ideas and solutions to a fast-paced, growing, and evolving team centered around operational excellence
- Provide rotational on-call support for weekend emergencies (rarely), ensuring uninterrupted security coverage and prompt incident response
- Ensure smooth handover of alerts and incidents between team members located in various geographic locations
- Work closely with key stakeholders and cross-functional BUs, representing the SecOps team, to identify, respond to, and remediate information security issues

Who you are:
- 5-8 years of relevant Information Security or SOC experience
- Bachelor's in Computer Science, Information Security, Engineering, or commensurate experience in information security is preferred
- Passion for security and solving tomorrow's problems
- Willing to learn new technology platforms
- Strong team player
- Certifications like GCIH, GCFA or equivalent are a plus
- Able to work proactively in a time-sensitive operations environment
- Innovation mindset: takes opportunities to make existing processes more efficient and thinks automation first