UST
Website: ust.com
Job details:
Role Description
Primary Responsibilities
You will be expected to be an expert across our Security Operations Center service, driving technological and procedural changes as needed to support the business. You will work with multiple internal teams along with external MSSPs to accomplish this objective. You will need to stay current on emerging threats, technologies, and trends related to attacks (perimeter, identity, endpoint, mobile).
Effectively interact with colleagues across the Cybersecurity team, as well as the broader Technology and Application teams.
Responsible for initial or secondary triage of security leads identified by internal controls or external SOC partners.
Experience with Wiz or another CSPM tool used for defending cloud environments.
Proficient in Threat Research and understanding the latest malware trends, common attack TTPs, and the general threat landscape beyond endpoint.
Proficient in Incident Response and automation workflows as they relate to Security Operations.
Demonstrates ability to author content using a variety of query languages, as well as scripting for event enrichment and investigation.
Detects, identifies, and responds to cyber events, threats, security risks and vulnerabilities in line with cyber security policies and procedures.
Conducts threat hunting and analysis using various toolsets based on intelligence gathered.
Responsible for documenting the incident life cycle, conducting handoffs, escalation, and providing support during cyber incidents.
Partner with the security engineering and platform engineering teams to improve tool usage and workflow.
Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
Perform other duties as planned.
Qualifications & Experience
To be an effective lead of our Security Operations Center solution you will need to have a broad range of technical knowledge, but more importantly, you will need to be driven and operationally focused. You will need to be able to work independently, identifying opportunities and executing on them, while at the same time being transparent and working with the team.
Education
Bachelor's degree in Computer Science, Information Technology, or a related field.
Professional certifications such as CISSP, CISM, CEH, GCIH, GCIA, or GSOC are a plus.
Experience Required
4-8 years of experience in enterprise cybersecurity, or with a reputed services / consulting firm offering security operations consulting, or equivalent public sector experience.
Experience with SIEM tools (Splunk, SumoLogic, Sentinel, QRadar, etc.) and Endpoint Detection & Response tools (CrowdStrike, CarbonBlack, SentinelOne, etc.).
Experience engaging in a 24x7 operational environment.
Experience with SQL and scripting (such as Python and PowerShell).
Results-oriented, with the ability to manage multiple tasks and deadlines with attention to detail.
Strong communication and self-management skills.
Experience testing and validating security controls a plus.
Skills
Experience in SOAR (Security Orchestration Automation Response) platform preferred.
Keywords: cybersecurity, SIEM, threat hunting, incident response, endpoint detection and response.