Essential Job Functions
•Leads a team of SOC operation and analysts responsible for SIEM/SOC/hunting and incident response processes
•Monitoring the company's assets, network, cloud and data ensuring the prevention of cybersecurity events that negatively might impact confidentiality, availability, and integrity.
•Overall accountability for development, implementation, and effectiveness of vulnerability management and security testing programs and initiatives.
•Monitor and analyze attempts efforts to compromise security protocols. Identify and investigate activities and conduct and provide analysis of results.
•Coordinate, document, and report on internal investigations of security violations
•Author and coordinate security status reports to provide system status, report potential and actual security violations and provide procedural recommendations
•Leads security incident response efforts by maintaining an in-depth knowledge of common attack vectors, common security exploits, and countermeasures. Responds to all information security relevant events (hacker intrusions, virus infections, denial of service attacks, etc.)
•Research current trends of information security and event monitoring, and keeps up-to-date with technology. This includes analyzing and writing internal reports regarding publicly available threats and breaches and constantly looking for Diebold information on the internet.
•Responsible for driving execution of daily, weekly, and monthly metrics for statistical threats and KPIs
•Mentoring and training for the purpose of processes and skills enhancement to continuously improve the SOC ability to identify and response to threats.
•At least 3 years of experience in IT security with vast experience in SOC and hunting and a minimum of 2 years’ experience as a team leader
•Ability to serve as a technical lead for any incident response and investigation.
•Proficiency with forensic techniques and the most commonly used forensic tool sets
•Experience with conducting log analysis of OS Event Logs, Apache, IIS, and firewall logs.
•Experience with SIEM and SOC systems - a must
•Ability to work under pressure and in multi-tasking environment.
•Ability to engage with internal peers in order to achieve required deliveries.
•Ability to work with global teams
•Industry standard certifications highly preferred; CISSP, CISM, or similar – an advantage