Technical Lead - Cyber Research & Response

October 20


Difenda

Cyber Risk & Compliance • Cyber Advisory • Cyber Intelligence • Cyber Operations • Managed Detection and Response

51 - 200 employees

Founded 2008

🔒 Cybersecurity

🏢 Enterprise

Description

• Lead the delivery of advanced Managed Extended Detection & Response (MXDR) service processes, including remote incident response, threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
• Lead and execute escalated remote incident response engagements, including incident triage and containment, forensic artefact analysis, incident reporting, and stakeholder management (customers, internal SOC, legal teams, etc.)
• Provide proper and intelligent Incident Handling during active Incident Response engagements
• Actively execute Threat Hunting and other proactive activities in customer environments
• Support the implementation and maintenance of Threat Intelligence practices, including IOC integration into MDR services and providing customer-specific tactical and C-Level threat intelligence briefs
• Develop, execute, and train staff on MXDR service threat triaging, Threat Hunting, and Threat Intelligence processes
• Provide technical guidance and mentorship to SecOps Analysts
• Develop and enforce standards and processes to ensure high-quality MXDR service delivery (e.g. case management standards)
• Work closely with the Cyber Research & Response team members to iteratively enhance MXDR capabilities and other managed security services (e.g. sharing activity results for detection engineering requirements)
• Support customer service communications, including operational and executive-level meetings and reporting
• Identify, develop, communicate and implement process improvements to streamline C3 practices and enhance the customer experience

Requirements

• Minimum of 5 years of IT security-related work experience required
• College Diploma or University Degree, preferably in technology, required
• Strong technical experience in the execution of security operations processes, including threat event lifecycle management, Incident Response, Forensic Investigations, Threat Hunting, and Threat Intelligence activities
• Strong technical expertise with security operations technologies including but not limited to SIEM, EDR, Threat Intelligence, and SOAR platforms
• Certifications in digital forensics and incident response, such as GIAC GCFA, GCFR, GCIH, GREM, strongly preferred
• Experience with some of the following technologies preferred: Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft 365 and Azure security services, Azure services and cloud service automation
• Experience working with security operations teams required
• Strong background in customer service and communications required
• Strong presentation development, reporting and delivery skills required
• Familiarity with Agile methodologies such as Lean, Scrum and Kanban preferred
• Strong ability to communicate and document clearly and effectively
• Ability to follow processes and guidelines
• Ability to work with all levels of staff
• Ability to take personal initiative and observe confidentiality
• Ability to work with internal and external vendors in a professional manner
• Ability to multi-task in a fast-paced environment
