***We are unable to sponsor as this is a permanent full-time role***
A prestigious Fortune 500 company is searching for a Director of Information Security. This position revolves around the Cyber Security Incident Response team. The director will have 1 direct report, who in turn has 8-10 people reporting to them. The team oversees the global security operations center and works with SIEM products such as Splunk. Splunk experience is a requirement for this position.
- Lead, manage and mature the people, process, and technologies present in a 24x7 global security operations center.
- Collaborate with stakeholders such as Disaster Recovery and Business Continuity to support larger security initiatives, assessments, and resilience testing.
- Develop and direct the Enterprise Incident Response Program, ensuring continuous maturity.
- Define and maintain dashboards and metrics that support Incident Response Program and Cyber Security Operations Center maturity efforts.
- Provide cyber security briefings, status updates, and consultancy to various audiences, including technical and executive leadership teams.
- 5 to 7 years of people management experience
- 10+ years of experience working in enterprise security
- In-depth experience leading security incident response processes in cloud, virtualized, and on-prem environments.
- Thought leader in security engineering and operations delivery – driving visibility, automation, analytics, and advanced threat analysis.
- Extensive and direct experience in high-pressure situations managing and responding to complex technical cyber security incidents.
- Proven skills in various elements of incident response, including but not limited to computer intrusion investigations and digital forensics in enterprise environments.
- Understanding current and emerging threats and associated countermeasures by establishing solid relationships with cyber threat teams and vendors. This includes directing a team on managing, maintaining, and increasing visibility into the organization and applying threat intelligence to proactively mitigate risk.
- A Security Operations or cyber incident response role conducting in-depth investigations, using internal telemetry data and open-source information to determine whether a given system or user has been compromised, is required
- Working with traditional security tools, including but not limited to SIEM, AV, EDR, SOAR, IDS/IPS, DLP, etc.
- IT work experience with broad exposure to infrastructure/network and multi-platform environments is required
- Hands-on working experience with most common operating systems, including but not limited to Windows Server, Windows 10, UNIX/Linux, Apple OS X, Android, and iOS environments, is required
- Hands-on working knowledge and experience with Splunk is required
- Splunk certifications are a plus
- Experience with cloud platform technologies (AWS, Google Cloud Platform, Azure, O365) is required
- Experience with integration between Incident Management Systems (SOAR) and SIEM in an enterprise environment is a plus
- Experience with the forensic and incident response process, reverse engineering malware and red teaming is a plus
- Experience with standard business processes including change management, problem management, work prioritization, quality assurance, continuous improvement best practices, etc. is a plus
- Security certifications (SANS, ISC2, SEI, CFE) are a plus
- Experience with audit support and response and with regulatory compliance (SOX and PCI-DSS) is a plus
- Higher education (Bachelor's, Master's, etc.) is a plus.