Our client is looking for a highly motivated individual to join our Information Security team. The Head of Security Monitoring is responsible for building the program to detect advanced threats and escalate for investigation and response. This is a technical role that will build and maintain client’s security monitoring strategy. In this role, you will understand existing tools, capabilities, and current threats to build accurate, targeted detection content including rules, alerts, and signatures.
- Lead, develop, and drive client’s Security Monitoring program
- Collaborate with operational team to build and maintain basic security alerting from the various security technologies, including establishing decision making criteria on what is important to manually investigate, and what can be automatically investigated.
- Analyze, develop, and maintain log ingestion requirements to support detection and response capabilities
- Identify, test, and develop targeted attack detection capabilities including correlating data across disparate sources.
- Partner with application and system owners to ingest logs and define relevant monitoring use cases and correlations
- Lead SOC operation and analysts
- Develop and maintain a threat detection framework that is aligned and mapped to industry frameworks that measures our ability to detect threats against the latest and greatest tactics and techniques.
- Review new security product capabilities, available telemetry data, and collaborate with operational teams on developing and/or updating detection use cases.
- Participate in the development and execution of client’s Incident Response plan as needed
- Bachelor’s degree with 10 years of Information Security experience (inclusive of threat intelligence, incident response, and/or SOC) or equivalent
- Expert level knowledge and understanding of the attack chain, adversary tactics, techniques, and procedures, emerging threats and vulnerabilities
- Expert level understanding of what telemetry and visibility exists from various security and network product (Firewalls, Network IPS, Endpoint A/V and EDR, server logs, Netflow, email gateways, etc.)
- Expert level knowledge of host and network-based security products and how those products affect exploitation and reduce vulnerability
- Expert level ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- Expert level knowledge of SIEM’s, how they work, how their value can be maximized and leveraged to mature monitoring and detection processes
- Expert level ability to bring multiple datasets together and apply analytical concepts to achieve data correlation for solving more complex problems
- Demonstrated skills in identifying hidden patterns and relationships within data sets
- Demonstrated ability to function in a collaborative environment, applying learnings from analysts, experts, and teams to improve analytical and technical expertise.
- Demonstrated skill in identifying cyber threats that may impact the organization and/or third parties, and being able to think like a threat actor
- SOC analyst and/or incident response experience
- Strong analytical and creative problem-solving skills
- Excellent verbal and written communication skills with the ability to effectively interact with team members and stakeholders
- Demonstrated personal values aligned with our servant leadership tenants
- Experience in Financial Services / Life Insurance (preferred)
- Any relevant security certifications, such as GIAC or CISSP (preferred)