Responsibilities
- Maintains knowledge of current and emerging developments/trends for assigned area(s) of responsibility, assesses the impact, and collaborates with senior management to incorporate new trends and developments in current and future solutions.
- Directs and enhances organizational initiatives by positively influencing and supporting change management and/or departmental/enterprise initiatives within assigned area(s) of responsibility.
- Identifies and directs the implementation of process improvements that significantly improve quality across the team, department and/or business unit for his/her assigned area(s) of responsibility.
- Provides subject matter expertise to team members and applicable internal/external stakeholders on complex assignments/projects for his/her assigned area(s) of responsibility.
- Provides direction on complex assignments, projects, and/or initiatives to build and enhance the capability of his/her assigned area(s) of responsibility.
- Creates, scripts, and maintains mission-critical correlation searches and alerts leveraging diverse log sources and types, including but not limited to AWS, CASB, Firewall, HIPS, IPS, DLP, Proxy, and DNS.
- Provides subject matter expertise in security logging and alerting best practices within the Security Operations Center to detect and prevent security incidents.
- Optimizes alerting and response techniques utilizing complex and/or cutting-edge machine learning, automation, and orchestration techniques.
- Provides subject matter expertise for alerting and analyzing security events within the Security Operations Center to prevent and address security incidents.
- Monitors and provides assurance of the overall health and effectiveness of prevention, detection, and response capabilities.
- Architects procedures defining what the Security Operations Center responds to and how.
- Collaborates with security engineering and cyber threat intelligence teams to implement security tools within the IT Security Operations area.
- Provides training and mentoring to team members.
Experience
- 5–7+ years of IT Security experience in areas that directly relate to the responsibilities of this position, such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, and intrusion detection. (Required)
- Hands-on experience with Splunk
- Cybersecurity experience is required
- An intermediate understanding of Python as a scripting language is required
- AWS experience is required