Incident Detection Lead

  • Location: Plano, Texas, 75024
  • Salary: 70.0
  • Job Type: Contract

Posted 28 days ago

This international network integration leader has an immediate 6-12+ month contract opportunity in Plano, TX for an Incident Detection Lead.  Will be working temporarily remote but must be willing to work onsite in Plano post-COVID. The Incident Detection role leads security operations by responding to escalated alerts and monitoring alerts. This position leads the operational team to conduct in-depth analysis of security events with the specific ability to identify Indicators of Compromise, perform intrusion scope and root cause analyses and implement triaging protocols to mitigate potential damage to our cyber ecosystem.

RESPONSIBILITIES:
  • Directs technical members in conducting Event Detection, Incident Triage, Incident Handling, and Hunting activities by leveraging detection/response platforms
  • Continuously monitors levels of service, and interprets and prioritizes threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed
  • Work with Security and IT operations teams to develop and implement remediation plans in response to incidents
  • Provides input into security architecture requirements, tool deployment and implementation
  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information
  • Provide comprehensive briefings at various levels of operations and management regarding ongoing security incidents
  • Ensure the proper and timely handling of all incidents regarding all aspects of security for the facility
  • Lead operation team to provide 24x7 incident detection and monitoring service, and performance report on regular basis
  • Enhance and provide training to operation members
  • Integration of additional supported log source/device and development of new use cases as required
  • Manage communication with our affiliates in case of security incident.
  • Work with our affiliates to remediate non-compliance with technical and security requirements.
  • Assist affiliates and group to improve cybersecurity maturity and strengthen cybersecurity posture.

MINIMUM QUALIFICATIONS:
  • 8+ years cyber security experience required
  • 5+ years of experience in incident response handling and staff leadership.
  • 2+yrs of experience as a lead
  • Must have a strong understanding of concepts and technology across all IT areas to be able to spot gaps and develop appropriate controls
  • Demonstrated analytical, problem-solving, and critical thinking skills required
  • Working knowledge of security technologies such as Active Directory, anti-malware tools, forensics tools, firewalls, identity access management, IDS / IPS, multi-factor authentication, network devices, SIEM, threat intelligence, vulnerability scanners, monitoring tools, and web filters on premise and in cloud environments required
  • Ability to work with little supervision and consistently deliver results required
  • Familiarity with network technologies and protocols (switches, routers, firewalls, VPNs, remote connection technologies, and multiple domain environments) strongly preferred

PREFERRED QUALIFICATIONS:
  • Experience with Splunk and other SIEM platforms, Enterprise Intrusion Prevention Systems, Endpoint Detection tools, and other security products
  • Experience conducting incident handling and response efforts in large enterprise environments
  • Experience supporting incident investigations
  • Experience working in a 24/7 SOC environment
  • Security certifications (e.g. Security+, Network+, CEH, SANS etc.)