INFORMATION SECURITY INCIDENT RESPONSE LEAD
Colorado Springs, CO
EXP 8-10 yrs
DEG Bach
Bonus
Job Description
We are looking for a highly skilled IT Security Threat and Incident Response Lead. The candidate must have a strong technical background in a large, global enterprise, and solid experience effectively managing security incidents, responding to threats and assessing risk.
The successful candidate will be responsible for overseeing our incident response tools and processes, covering proactive planning and prevention, as well as reactive detection and remediation. He/she will own the development of operational playbooks, oversee the incident response process, drive our Security Information and Event Management (SIEM) technology, and ensure appropriate logging and monitoring across the company’s infrastructure and applications. He/she will drive the critical steps of the incident response, and apply learnings toward our ability to be increasingly proactive in the future.
Major Duties:
• Incident Response Process – Owns the critical process steps – detection, validation, containment, remediation, and communication – for computer-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
• Security Information and Event Management (SIEM) – Drives our strategy for SIEM and oversees the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
• CITSIRT Team Lead – Responds to critical security incidents and leads escalation teams through response, containment and remediation to closure.
• Security Operations Playbooks – Create, maintain and promote a set of security operation playbooks with Agilent’s IT teams to effectively trigger and execute the security incident response process.
• Logging and Monitoring Across Infrastructure & Applications – Manages the current state of logging and monitoring, maintains a vision of the ideal state of logging and monitoring, and drives a prioritized roadmap to reduce the gaps.
• Internal / External Engagements – Acts as Information Security & Risk consultant to various IT and business-driven projects and operations.
Qualifications Required:
• Bachelor’s or Master’s degree in Computer Science, Information Systems, or equivalent experience.
• At least 8 years of directly related experience in Information Security Threat Management.
• Deep technical skills with IDS/IPS, infrastructure and application logging, and incident management.
• Process management experience with incident response and SIEM.
• Experience and confidence in developing and socializing security operations playbooks across infrastructure and applications teams in IT.
• Ability to effectively articulate true risk – avoiding tendencies toward fear, uncertainty, and doubt – and the priority of potential remediations.
• Organizational skills to track opportunities / problems and remediation / actions; proven analytical and problem-solving ability while being cool under pressure and diplomatic.
• Candidate must be based in either Colorado Springs, Santa Clara or Singapore.
Skills Desired:
• Information security experience in a high-tech manufacturing organization (Intellectual Property focused)
• Demonstrated experience in developing and implementing an operational strategy in a large, complex environment with successful outcomes.
• Ability to work with others having a wide variety of styles, performance, culture, etc.
• Proven effectiveness in communicating with technical and non-technical people alike.