Spearhead key technical and strategic Incident Response initiatives with specific focus on Cloud Incident Response capabilities.
Benchmark and implement industry best practices for incident response and cybersecurity operations, such as MITRE ATT&CK and the NIST Cybersecurity Framework (CSF).
Provide technical leadership and expertise to enable proactive detection of potential security threats and recommendations for improvements in overall security posture.
Proactively identify, research, and dissect emerging attack techniques to develop custom detection, containment, and remediation plans to support the JSOC.
Act as the technical SME for complex and priority targeted detection and response projects aimed at rapidly improving controls related to priority threats.
Coordinate with multidisciplinary teams across intel, detection, engineering and technology to iteratively improve security controls and detection capabilities.
Provide counsel to management regarding vendors and technologies, and interact with suppliers to ensure appropriateness of security tools and their configuration.
Mentor and upskill less-experienced team members across cyber operations through coaching, collaboration and leadership.
Interface with industry peers to acquire and share Incident Response best-practices in the sector.
Requirements
Minimum of seven years of cyber security experience, with at least five years focused on Threat Hunting, Incident Response, or Detection Engineering.
Expert-level ability to collect and analyze forensic artifacts across the major operating systems (Windows, Linux, macOS).
In-depth attack surface knowledge of one or more major cloud providers (AWS, Azure, GCP).
Proficiency in Python or a similar scripting language to interact with APIs and manipulate large datasets for analysis.
Bachelor's degree in computer science or a related discipline, or equivalent work experience in information systems or intelligence, required; advanced degree preferred.
One or more relevant security certifications (GCIH, GCIA, GCFE, GCFA or other SANS/GIAC certifications, AWS Certified Cloud Practitioner, AWS Certified Security - Specialty, or comparable).
Tech Stack
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
Linux
Python
Benefits
Flexibility to work from home near one of our Hubs or come into one of our offices
In-person engagement activities such as weekly business or team meetings