Date Posted: August 1, 2020
Job title: Information Security Operations Lead
Location: Baltimore, MD 21202
Duration: 6 months with a possible extension
The client is looking for an information security operations lead. With guidance from the Deputy Chief Information Security Officer (DCISO), you will monitor the managed security services provider and other client information security partners. You will also serve as a lead for client security operations and will be responsible for mentorship of junior analysts and development of procedures in the form of information security playbooks. In addition, you will provide technical guidance on how to investigate and respond to security events and lead information security incident response efforts. This is a challenging role within a growing information security team. It’s an opportunity to perform as an information security operations subject matter expert, while broadening your skills in enterprise-wide information security program implementation.
· Identify information security monitoring capability enhancement ideas for increased detection and remediation.
· Guide the managed security service provider and other client information security partners to validate that the appropriate identification, investigation, response and remediation are on track.
· Drive the implementation of new information security monitoring use cases into the managed security services provider baseline.
· Mentor information security analysts through triage and remediation escalations from the managed security service provider as well as other security instrumentation.
· In collaboration with DCISO, develop procedures and ‘playbooks’ for triage and remediation of information security alerts and incidents.
· Mentor information security analysts and IT personnel to operate within playbooks as defined.
· Report on information security monitoring related metrics and key performance indicators (KPIs) as defined by client CISO and DCISO.
· Lead incident response activities, advise and coordinate with senior leadership during active incidents.
· Operate autonomously to further investigate and escalate security events in accordance with protocols and SLAs.
· Be a leader in the expansion and growth of the information security monitoring capability within client information security program; drive integration of new products and services.
· Provide regular status updates and briefings to Information Security management and outside stakeholders.
· Bachelor's Degree or equivalent work experience in computer engineering/science or related field.
· 5 to 8 years of information security, continuous monitoring, and SOC operations experience.
· 3 plus years of SOC tier III level incident response experience.
· Solid understanding of security fundamentals and information security control frameworks.
· Basic technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, virtual systems, Active Directory architecture, cloud technologies, web proxies, etc.
· Good team player with excellent interpersonal skills, self-confident, motivated, and capable of working with little to no instruction.
· Ability to multi-task and work under pressure in a fast-paced environment.
· Attention to detail and good problem-solving skills.
· Advanced communication and presentation skills (verbal and written) enabling precise conveyance of information.
· Knowledge of MITRE ATT&CK techniques.
· Supervisory and operational experience in 24x7 environment.
· Relevant certifications (CISSP, CEH, GSEC, etc.)