Lead Cybersecurity Engineer

Join our Security Operations Center as a Cybersecurity Lead Engineer, where you'll be the technical expert driving our incident response efforts from escalation to resolution. This role reports directly to the Manager, Security Operations Center. You'll take proactive actions based on exposure, provide strategic recommendations to leadership, and continuously enhance our standard operating procedures and security tools. 

Ideal candidates will showcase a strong blend of business acumen, technological expertise, and security proficiency. This is a unique opportunity to safeguard national critical infrastructure while working for a leading telecommunications company.

Primary Responsibilities:  

• Oversee and manage daily SOC operations, ensuring priorities and quality objectives are consistently met. 
• Lead incident triage and response efforts, reviewing and addressing escalated security events from Tier I/II analysts. 
• Direct technical activities across all phases of the incident response process: detection, assessment, containment, eradication, and recovery. 
• Conduct forensic analysis on compromised systems and coordinate with third-party resources as needed. 
• Perform in-depth incident analysis by correlating data from multiple sources to identify root causes and impacts. 
• Document and communicate findings, producing comprehensive after-action reports for the security team. 
• Develop and execute threat hunting strategies across the organization to proactively identify and mitigate threats. 
• Recommend and implement improvements to enhance the effectiveness and efficiency of threat intelligence, incident response, and scalability. 
• Lead technical incident response efforts, ensuring clear and active communication among stakeholders. 
• Collaborate with engineering teams to optimize enterprise monitoring platform configurations for effective threat detection and response, aligning with security policies and organizational goals. 
• Drive continuous evaluation and integration of monitoring platform configurations to enhance SOC capabilities and support efficient operations. 
• Partner with Security Engineering teams to enhance features and capabilities within existing security tools. 
• Execute projects under the guidance of Cyber Defense Leadership. 
• Train and mentor junior analysts, fostering their professional growth and development. 
• Develop, implement, and mature SOC policies and procedures to ensure robust security operations. 
• Stay informed on emerging threats and technologies, continuously adapting SOC strategies to address evolving security challenges. 
• Perform additional tasks and duties as directed by the CSOC Manager.

Minimum Requirements: 

• Bachelor’s degree in a related discipline and 6 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 4 years’ experience; or 18 years’ experience in a related field in lieu of degree. 
• 6+ years of technical experience in the information/cyber security field. 
• 2+ years of direct experience in an Incident Response role in large enterprise environments. 
• Experience in the application of Incident Response methodologies. 
• Strong knowledge and experience with the Windows and Linux operating systems. 
• Working knowledge of cloud technologies such as Amazon, Azure, and Google. 
• Experience using Python, PowerShell or equivalent automation and enrichment technologies. 
• Experience with Microsoft Graph API and KQL. 
• Strong knowledge of network protocols, web servers, authentication mechanisms, anti-virus, and server applications.  
• Ability to execute under pressure. 
• Ability to perform independent analysis, distill relevant findings and root cause. 
• Ability to communicate complex ideas clearly and effectively using written and verbal communication.

Preferred: 

• Cloud technology experience and associated incident response techniques. 
• Ability to perform forensics on Windows endpoints. 
• Experience with endpoint security agents (Microsoft Defender, CrowdStrike etc.). 
• Experience with threat hunting in cloud environments. Azure, AWS, GPC. 
• Experience with Fortinet, Palo and Juniper firewalls. 
• Experience with network forensics and associated toolsets, (Suricata, WireShark, PCAP, tcpdump, etc.) and analysis techniques. 
• Experience automating response operations through SOAR, Logic Apps, Defender Live Response or similar technologies. 
• Industry certification such as GCIH, CCIA, GIAC, CISSP, or CISM.