Cyber Security Operations Team Lead

Svbank (Salt Lake City, WB, India) 20 days ago

Position Summary:



Protect SVB by providing timely response to Cybersecurity threats, incidents, and requests for investigation utilizing industry leading tools and practices. Develop playbooks and automation for repeatable tasks to speed the investigation of and provide accurate and consistent response to security events. Provide expert forensic analysis to support investigations and regulatory requests from SVB business units.



This position will lead a team of cybersecurity professionals in their day-to-day work detecting and responding to cyber security events and assisting them in career development and growth. This position reports to the manager of Cyber Security Operations and is responsible for maintaining a library of detection and response runbooks. This position is an expert in many cyber security domains and assists and trains analysts and works with them to complete complex investigations and drives continuous improvement for the team. This position works both independently and as a leader on collaborative teams to accomplish complex projects. This position will maintain metrics on cyber security events and prepare post-incident communications and reports. This position contributes to Cyber Security Operations policies and procedures. This position defines and leads projects in support of security detection and response, strategy and process. This position may be required to testify in court if necessary. This position may participate in an on-call rotation.

Knowledge:




  • Legal and regulatory requirements for financial services

  • Leadership principles

  • Log analysis and forensic investigation

  • Cyber security policies, standards, procedures, and processes

  • A wide variety of enterprise wide IT systems such as operating systems, directory services, cloud services, mobile device management, virtualization, network devices, network protocols, web servers, databases, firewalls, etc.

  • Host and memory forensics on Windows, Mac and Linux operating systems

  • Advanced log analysis

  • How threat actors target, exploit and behave within a compromised network

  • How systems get infected and common malware behavior

  • Cybersecurity Threat Intelligence (CTI) and Indicators of Compromise (IoCs)

  • Amazon Web Services and Azure logging methods




Skills:




  • Demonstrate group and project leadership skills

  • Lead incident response and/or computer forensics investigations

  • Support other investigations (HR, Legal, compliance, regulator requests, etc.)

  • Communication proficiency, oral and written

  • Document investigative and research findings

  • Coordinate efforts among legal, human resources, corporate compliance, law enforcement, and outside information security emergency handling agencies

  • Investigate account take over and other attacks against web based services

  • Review alerts and log data from a wide variety of sources

  • Evaluate operating system logs, application logs, firewall, IPS, sand boxing, host security, network devices, vulnerability management, DLP, network forensics, etc.

  • Complete forensic investigations of hosts, mobile devices, memory, etc.

  • Hunt for security events using large data sets

  • Collect and preserve evidence following industry best practices and established procedures

  • Lead gap assessments, upgrade paths, bug fixes and necessary workarounds for new IT security issues




Required Education and Experience:




  • Bachelor’s Degree with major in Computer Science, Cyber Security, Engineering, or related field

  • Five or more years of experience in incident response, computer forensics, or security engineering. Some technical, IT, or digital investigative experience will be considered in meeting this requirement

  • Outstanding collaboration, problem-solving and negotiation skills

  • Proven strategic thinking skills to solve complex enterprise and business challenges

  • Proven ability to lead cyber security teams

  • Management of cybersecurity cases and incidents

  • Writing of enterprise policies, standards, procedures, processes, and runbooks


Preferred Education and Experience:




  • Master’s Degree in a relevant subject

  • Scripting using Python or Powershell

  • Security Information and Event Management (SIEM)

  • Log management and log analysis

  • Cyber security case management

  • Endpoint security tools such as: antivirus, data loss prevention, endpoint detection and response, forensic analysis, etc.

  • Vulnerability management

  • Host and memory forensics on Windows, Mac and Linux based computers

  • Cloud infrastructures such as AWS or Azure




Preferred Certifications:




  • Certified Information Systems Security Professional (CISSP)

  • Certified Cloud Security Professional (CCSP)

  • Splunk Enterprise Certified Admin

  • AWS Certified Security - Specialty

  • Certified Forensic Computer Examiner (CFCE)

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Enterprise Defender (GCED)

  • CompTIA Advanced Security Practitioner (CASP)

  • GIAC Security Expert (GSE)

  • Certified Ethical Hacker or Computer Security Incident Handler (CSIH)

  • GIAC Certified Forensic Analyst (GCFA)

  • GIAC Advanced Network Forensics (GNFA)

  • GIAC Intrusion Detection (GCIA)

  • GIAC Security Essentials (GSEC)

  • Project Management Professional (PMP)

  • Systems Security Certified Practitioner (SSCP)

  • CompTIA (Security+)

  • EnCase Certified Examiner (EnCE)

  • Access Data Certified Examiner (ACE)

Primary Location: Salt Lake City

Other Locations: Tempe

Job: IT/Engineering/Project Mgmt

Organization:

Schedule:

Shift:

Employee Status:

Job Type: Full-time

Job Level:

Travel: Yes, 5 % of the Time

Job Posting: Apr 13, 2021, 7:39:32 AM

Cyber Security Operations Team Lead

Apply On Company Site
Back to search page
;