
VP, Senior Incident Response Lead
Synchrony
full-time
Location Type: Hybrid
Location: New York City • California • Illinois • United States
Salary
💰 $155,000 - $260,000 per year
About the role
- Spearhead key technical and strategic Incident Response initiatives with specific focus on Cloud Incident Response capabilities.
- Benchmark and implement industry best practices for incident response and cybersecurity operations, such as MITRE ATT&CK and NIST Cybersecurity Framework (CSF).
- Provide technical leadership and expertise to enable proactive detection of potential security threats and recommendations for improvements in overall security posture.
- Proactively identify, research, and dissect emerging attack techniques to develop custom detection, containment, and remediation plans to support the JSOC.
- Act as the technical SME for complex and priority targeted detection and response projects aimed at rapidly improving controls related to priority threats.
- Coordinate with multidisciplinary teams across intel, detection, engineering and technology to iteratively improve security controls and detection capabilities.
- Provide counsel to management regarding vendors and technologies, and interact with suppliers to ensure appropriateness of security tools and their configuration.
- Mentor and upskill less-experienced team members across cyber operations through coaching, collaboration, and leadership.
- Interface with industry peers to acquire and share Incident Response best practices in the sector.
Requirements
- Minimum seven years of cyber security experience with at least five years focused on Threat Hunting, Incident Response, or Detection Engineering.
- Expert level abilities to collect and analyze forensic artifacts across multiple major operating systems (Windows, Linux, Mac).
- In-depth attack surface knowledge of one or more major cloud providers (AWS, Azure, GCP).
- Proficiency in using Python or a similar scripting language to interact with APIs or manipulate large datasets for analysis.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience in information systems or intelligence required, advanced degree preferred.
- One or more relevant security certifications (GCIH, GCIA, GCFE, GCFA, SANS, AWS Certified Cloud Practitioner, AWS Certified Security Specialty, or comparable).
Benefits
- Flexibility to work from home near one of our Hubs or come into one of our offices
- In-person engagement activities such as weekly business or team meetings
- Training and culture events
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Incident Response, Threat Hunting, Detection Engineering, Forensic Analysis, Cloud Security, Python, API Interaction, Data Analysis, Cybersecurity Operations, Security Posture Improvement
Soft Skills
Technical Leadership, Mentoring, Collaboration, Coaching, Communication
Certifications
GCIH, GCIA, GCFE, GCFA, SANS, AWS Certified Cloud Practitioner, AWS Certified Security Specialty