- This role will have supervisory responsibilities. As such, the individual must have a minimum of five years’ experience in the area of people management.
- 7+ years' Cyber Security Incident Response, Security Operations Center and/or Attack Analysis experience in a large, mission-critical environment, with a background in the following:
- In-depth knowledge of network intrusion methods, network containment and segregation techniques
- In-depth knowledge of operating systems (Windows & UNIX, Mac OS X a plus)
- Expert understanding of TCP/IP networking, routing protocols and full packet capture analysis
- In-depth network security expertise including firewall, IDS and IPS
- Experience building baselines of network activity for use in anomaly detection
- Experience with proactive threat hunting techniques and concepts in an enterprise environment.
- Experience with reviewing raw log files, data correlation, and analysis (e.g., firewall, network flow, IDS, system logs)
- Knowledge of enterprise systems and infrastructure
- Proven understanding of log parsing and analysis at a large scale with data clustering tools or techniques
- Experience with a scripting language such as Perl, Ruby, Python, or Bash
- Bachelor's Degree in Computer Science or related field
- Master’s Degree in Engineering, Business Management, or Technology related fields a major plus
- Must be available to collaborate with the SOC Managers in EMEA and APAC as necessary
- Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors.
- Able to work under pressure in time critical situations.
- Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.
- Detailed knowledge of current international best practices in the incident response arena.
- Excellent written and verbal communication skills are required.
- Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman's terms.
- Industry-standard information security and incident response certifications (CISSP, GCIA, GCIH, GREM, etc.) are a plus.
- Memberships and participation in relevant professional associations.
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.