Cyber Threat Defense Lead - SIEM Tools (3-8 yrs)

Cyberthreat Defense Lead/ Sr. Engineer

- Implement, monitor and manage cybersecurity tools including CrowdStrike, Cylance, Varonis, and/or Mimecast, to identify and respond to security threats.

- Setup and maintain cybersecurity monitoring operations in partnership with external Managed Security Services Provider (MSSP), and perform triage to determine scope, urgency, and potential impact of security incidents and/or vulnerabilities.

- Investigate and analyze security incidents, escalating and coordinating response efforts as necessary, and as defined in the Incident Response Plan (IRP).

- Maintain the Incident Response Plan (IRP) and keep it up to date.

- Perform root cause analysis on each security incident and make recommendations to mitigate similar incidents in the future.

- Identify and analyze vulnerabilities and make specific and prioritized recommendations for remediation and mitigation solutions.

- Conduct regular network penetration testing to assess vulnerabilities and recommend security enhancements.

- Proactively search for threats using Computer Network Defense (CND) tools including intrusion detection system alerts, firewall and network traffic logs, and host system logs.

- Implement and manage an enterprise SIEM tool.

- Generate detailed reports on security assessments, incidents, and ongoing security activities, and develop, track, and report on relevant cybersecurity metrics on a regular basis.

- Collaborate with infrastructure, network, applications, integrations, and BI teams to secure system, network, and application architectures.

- Review the cybersecurity program with Governance, Risk and Compliance teams and provide them with requested cybersecurity reports and metrics.

- Make improvements and suggestions to advance the overall security processes in place.

- Develop, implement, and maintain security policies, procedures, and best practices.

- Maintain the internal information security awareness site and ensure that up to date and relevant training material and information is available.

- Promote a strong cybersecurity culture within and outside of IT.

- Stay current with the latest cybersecurity trends, threats, and best practices.

Qualifications :

- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related - field.

- Comprehensive understanding of cybersecurity principles, practices, and technologies.

- Proven experience in cybersecurity role with tools such as CrowdStrike Falcon, CrowdStrike Exposure Management, CrowdStrike Identity Protection

- Hands-on experience with network penetration testing, vulnerability assessments, and remediation strategies.

- Strong knowledge of network protocols, system vulnerabilities, and attack vectors.

- Experience deploying and working with cybersecurity tools in Microsoft Azure and Microsoft 365.

- Experience working with an enterprise SIEM tool.

- Experience analyzing log files and correlating security related events.

- Demonstrated strategic thinking, problem-solving, and decision-making abilities.

- Excellent communication and interpersonal skills, with the ability to distill complex technical concepts into clear, concise communications.

- Ability to independently prioritize competing initiatives and manage multiple tasks simultaneously in a fast-paced environment.

- Exceptional time management skills.

- Experience working with third-party Managed Security Services Providers (MSSPs) is highly desirable.

- Experience with NIST Framework is highly desirable.

- Relevant certifications such as CEH, CISSP, OSCP, CISM, CompTIA Security+ or equivalent is highly desirable.