Cybersecurity Operations – Incident Response Lead
Aktuelle Original-Stellenanzeige
Quelle: StudySmarter Stellenbestand · Status: aktiv · Bewerbung über das zentrale StudySmarter-Formular.
Die ganze Ausschreibung von Jobtailor
Automatisch strukturiert · Originaltext unformatiert geliefert
Das ist der Job
Coordinate with Engineering and IT to build detection engineering into the system development lifecycle.
Darum lohnt es sich
Build and mature a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap. Familiarity with MITRE ATT&CK, cyber kill chain, and threat‑led validation (purple teaming).
Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes. 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting. 3+ years team lead experience.
Responsibilities Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high‑fidelity detections across the entire technology landscape, including Core technology infrastructure (Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network) and Productivity/G&A systems (M365, SaaS, business‑specific systems such as Azure IaaS/PaaS services, custom‑developed API services, banking core, financial ledger and reporting systems).
Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true‑positive rates. Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows.
Serve as incident response commander for high‑severity incidents; coordinate cross‑functional responders in Infrastructure, IT, Engineering, Legal, and Compliance. Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
Maintain and exercise incident response plans through tabletop and similar activities. Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator‑ready documentation. Drive post‑incident reviews with measurable corrective actions (people, process, technology) and executive readouts.
Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs. Prioritize remediation using risk‑based scoring and exploit intelligence.
Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps. Lead day‑to‑day oversight of the third‑party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment.
Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations. Establish operating rhythms (standups, metrics reviews, post‑incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
Build and maintain a Security and Threat Operations strategy in coordination with the Director of Security Engineering and Operations, CISO, and other stakeholders, including software engineering, data engineering, and IT. Develop and report on KPIs and KRIs for the Security and Threat Operations function.
Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile). Prepare evidence for audits/exams; provide clear, actionable metrics and board‑level reporting on SOC performance, incident trends, control coverage, and risk reduction.
Partner with Legal, Compliance, Privacy, and Third‑Party Risk on obligations and notifications. Coach analysts on analytical rigor, bias reduction, and structured investigations. Promote a blameless, learning‑oriented culture that prizes speed, accuracy, and craftsmanship.
Requirements Demonstrated success operating in hybrid environments spanning on‑prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs. Hands‑on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.
Proven incident commander for high‑impact events; adept with forensics, scoping, containment, and executive communication. Strong vulnerability management leadership across technology areas, including risk‑based prioritization and remediation orchestration.
Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times. Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.
Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience. Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred. #J-18808-Ljbffr
Bereit?
Bewerbung wird direkt an Jobtailor uebergeben - kein Konto noetig.