Client needs to establish a strong effective Cybersecurity function to protect assets within it's organization as the attack surfaces expands. Identify, protect, detect, respond and recover framework needs to be implemented to defend against threat actors. Team will contribute to protecting valuable assets while mitigating potential business damage that is intensifying currently in Cybersecurity threats, vulnerabilities, risks and regulatory requirements compliance globally.
Hands On Experience:
Point of contact to drive all cyber incidents managed by Cybersecurity Team
Logging & Monitoring intelligence sources to maintain situational awareness of the cyber threat landscape
Containment, Level 1 Incident Response and end to end investigations
Security Operations Management (SOC) management for security incidents
Forensics, eDiscovery, DLP
Create security incident reports and metrics
Building and executing Vulnerability analysis programs
Building and executing Threat and Intelligence hunting Programs
Identification and validation of security flaws
Keep cybersecurity incident status up to date through regular updates
Facilitate Pentesting, red teaming blue teaming, tabletop exercises
Oversee all aspects of cybersecurity incident management process from evaluation to driving incidents to resolution based on criticality level
Coordinate with external parties involved with incident response
Document and define improvements over cybersecurity incident playbooks
Conduct ad-hoc testing on an as needed basis to assist with development activities or vulnerability remediation
Collaborate with all stakeholders as required for incident response
Skills:
Familiar with risk management and controls frameworks, cyber kill chain and NIST incident response life cycle
Understanding of Security Governance, Risk & Compliance
Strong DLP tools knowledge
5+ years of experience with cybersecurity related activities
Experienced in dealing with cyber incidents
Proven experience in security operations and monitoring
Working knowledge about SIEM architecture
Hands on experience with Exabeam, LogRhythm, Splunk, Elastic Stack, or industry equivalent at a user level
Being able to work with a diverse set of stakeholders in the organization from technical through executive management. Strong report writing and communication skills.
Strong written and verbal communication in English
Understanding crisis management, business continuity and disaster recovery procedures
Ability to understand technical topics dealing with technical teams and explain and present them to management level executives
Being able to handle multiple completing priorities in a fast-paced environment to proceed high priority tasks to a resolution
Familiarity with related publications such as: NIST 800-61(Incident Handling), NIST 800-30(Risk Assessment), NIST 800-52(Security Controls)
Specialized experience with Blue Teaming or experience working with a Security Operations Center performing a variety of services listed above in responsibilities.