The Cyber Security Incident Response Team (CSIRT), part of the Global Information Security (GIS) team, is responsible for coordinating with IT, Legal, Human Resources, and other appropriate business units to gather incident details, assess impact, and coordinate response. This role interacts with all levels of the organization and is viewed as the subject matter expert on Incident Response. The focus of the role is managing and developing a team of Security Analysts, responding to security incidents, continuously maturing the security incident response process, and building CSIRT's technical investigative capabilities (process and technology). The role also involves securing both cloud and on-premises infrastructure. You are also responsible for designing supportable technical solutions that protect the availability, integrity, and confidentiality of sensitive information and assets and directly support compliance with PCI, SOC, SOX and PII requirements.
How you will help:
• Overseeing security event monitoring, incident handling, reporting and escalations.
• Manage and mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center.
• Handling P1/P2 incidents for internal and external customer environments.
• Providing periodic updates and root cause analysis (RCA) to management for P1 incidents.
• Preparing monthly SOC reports and reviewing incidents.
• Lead and plan Purple team and IR tabletop exercises, and assist with the creation and refinement of Incident Response runbooks.
• Serve as liaison between Management, MSS vendors & SOC team.
• Keep track of Indicators of Compromise (IOCs) from new and emerging threats and vulnerabilities, verify applicability in organizational context and initiate remediation activities as necessary.
• Researching the latest information security trends to understand the latest vulnerabilities and threats and interface with Vulnerability Management team.
• Provide subject matter expertise to the Governance, Risk & Compliance team during IT internal and external audits (PCI, SOC, SOX and PII) and in responding to customer questionnaires.
• Provide valuable inputs and develop use cases for new technology/tool testing during POCs.
• Handle team’s performance appraisal, learning and development.
Who we have in mind:
• Strong management and interpersonal skills are essential, ideally with experience in MSS.
• 12+ years of hands-on experience with focus in areas such as systems, network, or information security with 5+ years of experience leading/managing a SOC team.
• Thorough understanding of the Cyber Kill Chain, MITRE ATT&CK and security incident management frameworks and processes.
• Experience in maintaining, configuring and troubleshooting SIEM infrastructure such as QRadar, LogRhythm or Splunk; EDR tools such as CrowdStrike or Carbon Black; and cloud security detection tools such as Palo Alto Prisma.
• Creating and maintaining alarm rules, use cases, filters, dashboards, and reports in QRadar to identify malware activity, misconfigurations, and/or anomalies.
• Incident Response runbook design and Performance Analytics in the ServiceNow SecOps module.
• Experience leading and coordinating Blue, Purple team & IR tabletop exercises.
• Must have experience with analysis of network traffic, application logs and endpoint artifacts.
• Experience working on Cloud (AWS)/Network Security technologies – AWS Security Groups, Firewalls, VPN, IDS, IPS, proxies, WAF, NAC etc.
• Solid understanding of the underlying Linux/UNIX and Windows OS security architecture.
• Experience working with AWS & Docker container security solutions.
• Ability to develop, describe, and communicate Security Baselines and Policies.
• Subject matter expertise in overall IT for Governance, Risk & Compliance.
• Integrating log sources for custom applications into QRadar and troubleshooting those integrations.
• Self-starter, who can adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
• Preferred Information Security professional certifications such as CISM, CISA, GSEC, GMON, CEH.
What we offer:
Synchronoss is proud to be an Equal Opportunity Employer.
As a global company and team, we value and celebrate diversity and are committed to a workplace free from discrimination and harassment. We take pride in fostering an inclusive environment based on mutual respect and merit.
We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond.