Ms Ms

Vice President, Cybersecurity Operations

full-time

Location Type: Remote

Location: Tennessee, United States

About the role

  • Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts
  • Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats
  • Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture
  • Ensure that the SIEM solution complies with global regulatory standards and industry best practices
  • Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team
  • Participate in the development of the organization's security strategy and contribute to its execution
  • Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure
  • Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities
  • Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability
  • Coach team members on technical and professional growth, offering constructive feedback and career development support
  • Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement
  • Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives
  • Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness
  • Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows

Requirements

  • Minimum of 15 years of experience in cyber detection engineering or incident response
  • Experience in the creation and management of detection logic in SIEMs (e.g. Elasticsearch, Splunk, ArcSight, Microsoft Sentinel)
  • Experience with SIEM rule tuning, correlation logic, alert de-duplication and false-positive reduction techniques
  • Experience developing automations in SOAR (e.g. Palo Alto XSOAR, SumoLogic, Swimlane)
  • Strong hands-on experience with a query language (e.g. Splunk's SPL, Elastic's EQL, or SQL)
  • Strong understanding of network security, endpoint detection and computer forensics
  • Strong knowledge of exploitation techniques (e.g. MITRE) and use-case development
  • Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
  • Highly experienced with Unix/Linux command-line tools and shell scripting
  • Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
  • Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
  • Experience with CI/CD technology (e.g. Jenkins, GitLab CI, GitHub Actions)
  • Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
  • Intermediate experience developing scripts in Python
  • Strong communication, task management and organizational skills

Benefits

  • Competitive salary
  • Flexible working hours
  • Professional development budget
  • Home office setup allowance
  • Global team events