Senior Security Lead

Description

• Conduct investigations of security incidents, providing analysis and recommending corrective actions to address identified threats
• Participate in ad-hoc threat hunting activities to proactively identify and neutralize potential security threats
• Coordinate with internal teams to support a comprehensive security response.
• Operate endpoint security and SIEM and EDR solutions to detect, analyse, and respond to cyber threats
• Serve as a focal technical lead and primary contact for complex incidents, providing hands-on investigation and support
• Conduct sophisticated digital forensics and malware analysis to understand the scope and nature of threats
• Facilitate, document and manage root cause analysis and post-incident review process, including tracking all action items and lessons learned through to implementation
• Lead the full incident lifecycle, from detection and triage to containment, eradication, and recovery, ensuring the timely and effective resolution of threats
• Facilitate root cause analysis and post-incident reviews, documenting lessons learned and tracking action items for implementation to prevent future incidents
• Train, coach, and mentor junior incident responders, sharing knowledge and helping them develop the skills to handle complex situations independently
• Identify opportunities to enhance the incident response program by improving detection fidelity, developing new tools, and updating incident response playbooks
• Communicate effectively with management, stakeholders, and technical teams regarding Sev1 / Sev 2 incident progress and remediation efforts
• Proactively hunt for adversaries and potential compromises within networks, even when no active incident is reported
  

Business Strategy

• Possess deep functional knowledge & expertise to coach & guide associates to build process capability.
• Identify & develop SME talent in collaboration with the TL/Managers.
  

Relationship Management

• Work closely with the respective teams. Collaborate and build strong relationship with functional teams to ensure required support for coaching, streamlining and enhancement of processes.
• Work with cross regional partners
• Vendor management
• Excellent collaboration skills and the ability to influence team members00
  

Qualifications

Education & Skill

• Bachelor’s Degree in Information Technology/Information Security or equivalent experience in technology
• Strong understanding of network analysis, malware reverse engineering, digital forensics, SIEM tools (e.g., Splunk), EDR, firewalls, Active Directory, and scripting (e.g., Python)
• Experienced with responding to major cyber incidents in a primarily Windows environment; experience with a heavily mixed Linux/Windows environment is a plus
• Preferred someone Certified in SANS GCIH
• Familiarity with cybersecurity frameworks such as NIST, MITRE ATT&CK, and ISO 27001
• Has used forensic analysis to investigate potential breaches with supporting detail to determine attack vectors, the scope of the incident, and affected systems
• Strong leadership, communication, and problem-solving skills.
• Ability to work under pressure and manage multiple security priorities.
  

Work Expérience

• Minimum 12-15 Years of experience, Leading Cyber Incident response teams
• Prior people / process / technology management experience
• Knowledge of cloud technologies and cloud infrastructures such as Azure, GCP, AWS, O365
• Experience with conducting log analysis across different components of a typical organisation estate (e.g. OS, network, cloud)
• Has experience in assessment/evaluate/prioritization of Security risk
• Understanding of various security controls and how they are used to detect and mitigate risk
• Prior experience in negotiating and managing security-related contracts with external providers.