Job Details
Posted Date
02/23/24
298444 - SOC Engineer
Mooresville, NC, 28.., North Carolina, United States | Posted - 02/23/24

Must Have Technical/Functional Skills

  • Lead security incidents from a technical perspective, responsible for responding to security incidents and performing forensics, including major ones, performing data gathering and communications tasks as required.
  • Analyze network traffic to identify malicious activity or compromised systems and to prevent successful attacks
  • Investigate data breaches and malicious activity using forensics tools; analyze Windows and Linux systems in cloud environments to identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs); examine firewall, web, database, and other log sources to identify evidence of malicious activity
  • Work closely with engineering teams to continuously provide technology requirements and use cases for enabling technologies including but not limited to SIEM, SOAR, Case Management, EDR, Intrusion Detection Systems, HIPS, Web Proxy/Content Filtering, Active Directory, and any other tools needed
  • Lead, build, and maintain DFIR runbooks and response procedures
  • Mentor and lead Incident Responders from a technical perspective
  • Serve as the technical subject matter expert (SME) for cloud incident response and cloud forensics
  • Drive Security Incident Lessons Learned back into the business
  • You will build and advance our Security Incident Response program through implementation of incident management best practices
  • You will serve as an escalation point for complex security incidents and act as an incident manager to coordinate response efforts across multiple teams and time zones
  • You’ll work across various security teams to influence our signal collection, prevention and detection strategies
  • Build strong relationships with the other technical teams across our engineering and infrastructure functions
  • Responsible for the continuous maturity of Incident Response processes and the management of a globally distributed Incident Response team.
  • Perform root cause analysis and guide junior analysts in recommending security improvements to prevent future incidents or events similar to those witnessed in the past. Ensure peer review happens wherever possible.
  • Own and ensure that documentation of processes and procedures is current.
  • Develop and conduct tabletop exercises.
  • Maintain situational awareness of cyber threats across the global firm and take action where necessary.
  • Lead or participate in information security-related projects or in managing strategy.
  • Develop new forensic detection and investigative capabilities using current technical solutions.
  • Work with various business units and technical disciplines in a security consultant role for cyber threats.
  • Adapt defense and detection capabilities based on intelligence obtained externally or from previous incidents, including Threat Intelligence and Threat Hunting.
  • Help automate repetitive team tasks and make processes more efficient.
  • Drive incident response engagements through forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.
  • Track emerging security practices and contribute to building internal processes and our various products.
  • Contribute to the technical strategy and act in an advisory capacity to colleagues. Use specialized expertise in one or more areas to interpret internal or external business issues and recommend best practices.
  • Possess specialized expertise in your own job family/discipline and working knowledge of other related job families/disciplines.
  • Contribute ideas and influence technical decisions.
  • Solve highly complex problems; identify viable and often innovative options and use analytical skills and judgement to recommend an appropriate solution.