Cybersecurity Operation & Incident Response Lead
Company: Minerals Technologies Inc.
Posted on: February 20, 2021
We currently have an exciting opportunity for a Cybersecurity
Operation & Incident Response Lead at our Bethlehem, PA location.
This role is highly technical as the day-to-day oversight and
escalation point for the Security Operations Center (SOC)
[currently outsourced] - it requires a holistic depth of knowledge
across the security technology tools stack as well as hands-on
keyboard experience and ability to work collaboratively across the
Primary Duties & Responsibilities
- Keeps abreast of industry trends and current emerging
- Assess scope and severity of escalated alerts and effectively
communicate them to the Cyber Security Manager.
- Serve as escalation point to provide thorough analysis of
risks, vulnerabilities, and security incidents.
- Lead response to IR activities across multiple internal teams,
including infrastructure, network, endpoint, Managed SOC, incident
response; enforce incident response SLAs.
- Investigate security events forwarded from Level I & II
Analysts and client for security risk.
- Serve as Security Incident Response Team Lead (when
- Conduct detailed security event analysis from network traffic
attributes and host-based attributes (binary analysis, etc.) to
identify information security incidents.
- Proactively search for and respond to security events and
incidents from SIEM, Firewall (FW), Intrusion Detection Systems
(IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network
Access Control (NAC) and other client data sources.
- Review lessons learned from previous incidents.
- Coordinate with Cyber Threat Intelligence and Vulnerability
Assessment teams to assess real-world risk.
- Keep up-to-date on ongoing threat risk trends as well as common
advanced persistent threats (APTs) actors.
- Identify strategic and operational SOC improvements and
communicate those effectively to management.
- Collect and analyze SOC metrics as well as coordinate feedback
with Cyber Security Manager.
- Develop best practices around investigations and incident
- Develop and adjust SIEM rules and analyst response
- Document actions in cases to effectively communicate
information internally and to Managed SOC.
- Provide documentation and project support.
- Perform system maintenance and maintain current
- Provide resolution plans for system and network issues.
- Respond to inbound requests via phone and other electronic
means for technical assistance.
- Responsible for other duties as
1. Actively participates in the implementation of sustainable
improvement processes, such as 5S, Kaizen, Total Productive
Maintenance (TPM), Daily Management Control, Standard Work and
Other Related Duties
1. Participates in the Operation Excellence Program as outlined by
2. Other duties and special projects as assigned.
Note: Management reserves the right to assign or reassign duties
and responsibilities to this job at any time.
The requirements listed in the sections that follow are
representative of the knowledge, skills and/or abilities required
to perform the duties of this job. Reasonable accommodations may be
made to enable qualified individuals with disabilities to perform
the essential functions (primary duties) of the job.
Education: Bachelor's Degree in computer science, computer
engineering, or information systems with emphasis on
Experience: Minimum of 5+ years of experience in information
services with 5 years of demonstrable and progressive experience
operating in the incident response and handling domains. Requires an
in-depth understanding of Information Security practices for
networks, servers, databases, and applications, and advanced use of
incident response and handling techniques.
Skills and attributes for success include the following:
- Personal and Operational Leadership to lead a highly technical
- Information Security Principles, Technologies, and
- Proven experience with multiple security event detection
- Expert TCP/IP networking skills to perform network analysis to
isolate and diagnose problems.
- Expert understanding of IDS/IPS rules to identify and/or
prevent malicious activity.
- Excellent written and verbal communication skills required.
Must be able to communicate technical details clearly.
- Integrity in a professional environment.
Minimum of 5 years of experience in one or more of the following:
- Working in a Security Monitoring/Security Operations Center
- Experience investigating security events, threats and/or
- Experience leading and directing security incident
- Experience with a variety of operating systems including
Windows, Linux or UNIX in a functional capacity.
- Understanding of electronic investigation and log
- Proficiency with the latest intrusion detection platforms;
working knowledge of Linux and/or Windows systems administration
- Understanding of well-known protocols and services (e.g., FTP,
HTTP, SSH, SMB, LDAP).
- Understanding of routing principles and networking
fundamentals: Packet Analysis Tools (TCPDUMP, Wireshark,
- Scripting or programming (Shell scripting, Python, PowerShell,
Perl, Java, etc.).
Should have a detailed understanding of the below:
- Desired skill: Previous leadership experience as a team lead or
- Experience working with SIEM [QRadar], Antivirus [McAfee],
Endpoint Detection and Response (EDR) [McAfee, Carbon Black, and
CrowdStrike], Log Aggregators, Incident Response Management
- Experience managing standards, developing Security Operations
Process, reporting and dashboards
- Automation experience on Phantom, Demisto, or other SOAR
- Forensic experience (1-2 years), especially around in-memory
attacks.
- Reverse malware engineering experience (1-2 years).
-- AWS, Azure and Google Cloud Platform (GCP)
-- SANS/GCIH OR
-- CISM (Certified Information Security Manager) OR
-- Certified Information Systems Security Professional (CISSP)
-- CompTIA Security+
-- Other related certifications such as SANS/GCIA, SANS/GCFA,
SANS/GCIH, SANS/GCFE, SANS/GIAC, SANS/GSEC are preferred, but not
Knowledge of cybersecurity frameworks (e.g. NIST CSF, ISO 27001)
would be desirable.
Other Desired Experience:
-- Master's degree in computer science, information systems,
engineering, business administration or a related field is
preferred, but not required.
-- Strong understanding of information security and the
relationship between threat, vulnerability and information value in
the context of risk management.
-- Ability to gather, analyze and interpret business drivers and
develop practical security solutions that provide adequate
security to support the business.
-- Possess a good understanding of appropriate leading-edge
-- Known to relevant technology companies as a thought leader
around security, privacy and supporting technologies.
-- Extensive experience working across a diverse and inclusive team
environment with strong commitment to respect, equality and
Critical competencies for success:
-- Leadership skills: Must have the proven ability to lead the
development, planning, coordination, and monitoring of security
operations and incident response solutions and programs, and be a
key part of the overall leadership for all aspects of information
security. This leader will be known as a collaborative and
influential executive who can serve as an effective member of the
executive management team at MTI. This leader will be known as a
collaborative individual who can serve effectively as an active
contributor at MTI. Must be able to communicate effectively
regarding security, privacy, risk, compliance, strategy and the
required investments to technologists and business personnel.
-- Security knowledge: Able to draw upon proven experience to
recommend and gain buy-in to numerous information security policies
and solutions. He/she will be able to provide leadership by
demonstrating subject matter expertise. This individual is able to
represent the interests of the organization and gain support from
-- Ability to deliver: This individual will have the proven ability
to contribute solutions to large, complex projects across various
business and functional departments as they pertain to risk and
security matters. He/she can create a positive and productive
mindset with solutions to meet clear objectives, goals and
-- Project, Program and Portfolio Management: This individual must
have a solid foundation of program and project management in past
initiatives. The individual must have experience in leading and
directing a portfolio of projects and initiatives in both a project
and a sustained operational capacity.
Travel: Travel to other work sites may occur.
Work Hours: Must have ability to work the shift/number of hours in
which duties need to be accomplished, including overtime, holidays
and weekends, as necessary. Call-ins may occur as needed.
Equal Opportunity Employer