AVP, Threat Informed Defense Engineer (L10)

Job Description:

Role Title : AVP, Threat Informed Defense Engineer (L10)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India s Best Companies to Work for by Great Place to Work. We were among the Top 50 India s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
• Synchrony celebrates ~51% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.
• We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles

Organizational Overview:

This role is part of the Threat Informed Defense organization, responsible for researching, developing, and maintaining cyber detection capabilities. The team also manages and sources Technical Intelligence, leveraging it to enhance and refine detection methods and defenses against relevant threats. Additionally, it collaborates with the SOC Function (JSOC) and other partners to deliver high-fidelity security alerts, safeguarding Synchrony from cyber threats.

Role Summary/Purpose:

We are seeking a skilled AVP, Threat Informed Defense Engineer (10) with varied threat detection engineering and threat intelligence experience. As a key member of the Threat Informed Defense Team, this individual will be responsible for assessing emerging cyber threats and developing detective controls utilizing advanced techniques. Additionally, in this role the Threat Informed Defense Engineer will proactively identify opportunities for preventative and detective improvements through data analysis and exploration. Join us if you are passionate about staying ahead of the cybersecurity curve, are an inquisitive critical thinker, and thrive in a dynamic, collaborative environment.

This is an IC role and position is remote, where you have the option to work from home. On occasion we may request for you to commute to our nearest office for in person engagement activities such as team meetings, training and culture events. To ensure the safety of our colleagues and communities, we require employees who come together in-person to be fully vaccinated. We re proud to offer you choice and flexibility.

Key Responsibilities:

• Possess expert knowledge of attacker tradecraft and forensic presentation of Tactics, Techniques, and Procedures (TTPs) in one or more domain security domains (Endpoint, Network, Cloud, Identity and Access security).

• Maintain an understanding of attack chains and how adversaries move across security domains.

• Develop detection logic utilizing various query languages or statistical methodologies.

• Perform impactful data analysis and exploration which produces recommended actions.

• Exhibit expertise in testing TTPs within a secure lab setting and developing custom detection content to address identified gaps.

• Foster cross-functional collaboration across IS teams, contributing to the enhancement of detection alerting strategies. This includes spearheading initiatives such as designing detection pipelines, refining alert mechanisms, and automating alerting and response processes.

• Proficient in identifying relevant log sources and developing effective detection mechanisms to detect and respond to security threats proactively.

• Demonstrated ability to clearly document findings and present concise briefings to stakeholders.

• Demonstrate a forward-thinking approach to prioritize and refine a backlog of detection content, leveraging Agile methodologies to ensure proper resource allocation and timely execution of high-priority initiatives.

• Proactively identify emerging cyber threats, conducting thorough assessments to gauge their potential impact on Synchrony.

• Experience and comfort with detection strategies and implementations in multiple OS (Windows, MacOS, Linux) and with cloud-based architectures (Amazon Web Services and Microsoft Azure).

• Develop a deep understanding of Synchronys cyber tool ecosystem, enabling informed recommendations for strengthening control mechanisms and fortifying defenses against potential cyber threats.

• Ability to automate tasks with APIs and serverless scripting.

• Develop and maintain security automation scripts and tools.

• Perform cleanup and sanitation of incoming log sources and events.

• Keeping up with the latest and greatest tools and techniques for combating security threats.

• Support the day-to-day operations of the Security Operations program.

• Maintain knowledge of current security trends and be able to clearly communicate them to the team.

• Assist in responding to emergency situations and security incidents.

Required Skills/Knowledge:

• Bachelor s degree with 4+ years of Information Security or Intelligence experience; OR in lieu of degree, 6+ years of Information Security or Intelligence experience.

• Able to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

• Demonstrated competence in Python and Splunk Search Processing Language (SPL).

• Demonstrated competence in Agile methodologies.

• Demonstrated competence in developing and securing AWS services.

• Demonstrated competence in developing automation solutions for the triage and response of AWS Cloud security events.

• Able to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

• Able to function effectively in a dynamic, fast-paced environment.

Desired Skills/Knowledge:

• Applicable Information Security professional certifications (e.g., SANS, AWS Security and Developer based certifications) and tool specific certifications.

• Ability to work independently as well as part of a team.

• Highly analytical, detail-oriented, and strong problem solving with a common-sense approach to resolving problems.

• Expertise to clearly define complex issues despite incomplete or ambiguous information.

• Strong oral and written communications skills.

• Strong interpersonal and critical thinking skills.

• Prior SOC, cyber intelligence, or incident response experience is a plus

Eligibility Criteria

Bachelor s degree with 4+ years of Information Security or Intelligence experience; OR in lieu of degree, 6+ years of Information Security or Intelligence experience.

Work Timings: 03:00PM to 12:00AM IST

For Internal Applicants :

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (First Formal/Final Formal, PIP)

• L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible

• L08+ Employees can apply

Grade/Level: 10

Job Family Group: