Posted on 6.20.17 | CSIRT (Cyber Security Incident Response Team) Lead/Threat Intel/Cyber Hunter | Detroit, MI

Position Description
The CSIRT (Cyber Security Incident Response Team) Lead/Threat Intel/Cyber Hunter is a member of the Information Protection and Risk Management (IPRM) team and works closely with other members of the IPRM program to develop and implement a comprehensive approach to managing security risks. The lead works with subject matter experts drawn from other teams within IPRM to manage the response to cyber security threats and incidents.
This role is also responsible for working with other team members to respond to security incidents according to established policies and best practices. Additionally, the role is responsible for incorporating threat intelligence from multiple feeds into existing threat response processes.
Job Responsibilities
• Lead investigations into information security incidents.
• Drive efforts towards containment of threats and remediation of environment during or after an incident.
• Perform complex security investigations and root cause analyses.
• Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.
• Ensure that all incidents are recorded and tracked to meet audit and legal requirements where necessary.
• Coordinate ingestion of threat intelligence as it pertains to the response process and relevant vectors of attack.
• Coordinate cyber hunting exercises and maintain the hunting playbook.
• Oversee direction for SOC team and L1 response procedures.
• Build/Review use cases to be incorporated into the response process for real time alerting.
Qualifications
• Deep understanding of network protocols and troubleshooting
• Deep understanding of server operating systems
• Broad understanding and experience managing security mitigation solutions at all layers
• Minimum of three years information security specific experience
• Bachelor's degree in information systems or relevant field of study
Technical Competencies
• Ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity, as well as demonstrated capability to learn and develop new techniques.
• Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape
• Ability to research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors
• Ability to incorporate threat intel data into existing security solutions to monitor or prevent current threat actors.
• Experience with cyber hunting practices/exercises using SIEM, Enterprise search tools, or other solutions.
• Excellent communication skills (verbal and written) are required
• Excellent problem-solving and troubleshooting skills with strong attention to detail
• Ability to interact with personnel at all levels across the organization and to comprehend business imperatives.

Contact Information:

Alicia Nalepa | analepa@vaco.com