Cyber Security Incident Response Lead

Intellibee - Charlotte, NC

posted 3 months ago

Full-time - Senior
Charlotte, NC
Professional, Scientific, and Technical Services

About the position

The Cyber Security Incident Response Lead position at Intellibee is a critical role within the Information Protection and Risk Management (IPRM) team. This position is responsible for developing and implementing a comprehensive approach to managing security risks at Ally. The candidate will collaborate closely with subject matter experts from various teams within IPRM to effectively manage responses to cyber security threats and incidents. This role requires a strong understanding of security policies and best practices, as well as the ability to lead investigations into information security events and incidents. In this position, the Cyber Security Incident Response Lead will be tasked with driving efforts towards the containment of threats and the remediation of the environment during or after an incident. The individual will maintain and improve Ally's CyberSecurity Incident Response plan, ensuring that it is up-to-date and effective in addressing potential security risks. Additionally, the lead will have audit management responsibilities, ensuring that identified gaps are addressed promptly to reduce risk. The role also involves contributing to the development and prioritization of use cases, as well as process improvements through the development of new detections and changes in response processes. The Cyber Security Incident Response Lead will perform complex security investigations and root cause analyses, participate in a rotating on-call schedule for after-hours information security events, and conduct post-incident reviews and after-action reports. The individual will coordinate with technical teams and third-party vendors to resolve incidents efficiently and ensure that all incidents are recorded and tracked to meet audit and legal requirements. This position also serves as an escalation point for the PCI environment, providing guidance for monitoring and response.

Responsibilities

  • Lead investigations into information security events and incidents.
  • Drive efforts towards containment of threats and remediation of the environment during or after an incident.
  • Maintain and improve Ally's CyberSecurity Incident Response plan.
  • Lead audit management responsibilities to ensure identified gaps are addressed in respect to required timing to reduce risk.
  • Contribute to the development of use cases and prioritization of use case development.
  • Contribute to the process improvement process through development of new detections and changes in the response processes.
  • Perform complex security investigations and root cause analyses.
  • Participate in a rotating on-call schedule for after-hours information security events and incidents.
  • Perform post-incident reviews and after-action reports.
  • Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.
  • Ensure that all incidents are recorded and tracked to meet audit and legal requirements where necessary.
  • Function as a stakeholder to strengthen the overall response framework inclusive of SOC and CSIRT.
  • Serve as an escalation point for the PCI environment including guidance for monitoring and response.

Requirements

  • Minimum of five years information security specific experience.
  • Deep understanding of network protocols and troubleshooting.
  • Deep understanding of server and workstation operating systems.
  • Broad understanding and experience managing security mitigation solutions at all layers and protocols.
  • Experience securing multi-cloud environments, FaaS, and CI/CD pipelines.
  • Experience securing applications and APIs.
  • Bachelor's degree in information systems or equivalent experience.
  • Ability to analyze large data sets and unstructured data for identifying trends and anomalies indicative of malicious activity.
  • Strong knowledge of current security threats, techniques, and landscape.
  • Ability to research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis.
  • Ability to incorporate threat intel data into existing security solutions to monitor or prevent current threat actors.
  • Experience with cyber hunting practices/exercises using SIEM, enterprise search tools, or other solutions.
  • Excellent communication skills (verbal and written).
  • Excellent problem-solving skills and troubleshooting skills with a strong attention to detail.

Nice-to-haves

  • Cloud experience - preferably Azure/AWS security experience.
  • GCIA, GCIH, or other GIAC certifications preferred.
  • Forensic capability and automation.
  • Practical experience with Splunk/Sort/Phantom.
  • AI skills.
  • High emotional intelligence (EQ).
  • Ethical hacker skills.
  • Ability to lead calls as an incident commander.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service