Cybersecurity Operation & Incident Response Lead

Company: Minerals Technologies Inc.
Location: Bethlehem
Posted on: February 20, 2021

Job Description:

We currently have an exciting opportunity for an Cybersecurity Operation & Incident Response Lead at our Bethlehem, PA location. This role is highly technical as the day-to-day oversight and escalation point for the Security Operations Center (SOC) [currently outsourced] - it requires a holistic depth of knowledge across the security technology tools stack as well as hands-on keyboard experience and ability to work collaboratively across the organization.

Primary Duties & Responsibilities
Keeps abreast of industry trends and current emerging risks.

• Assess scope and severity of escalated alerts and effectively communicate to Cyber Security Manager.
• Serve as escalation point to provide thorough analysis of risks, vulnerabilities, and security incidents.
• Lead response to IR activities across multiple internal teams, including infrastructure, network, endpoint, Managed SOC, incident response; enforce incident response SLAs.
• Investigate security events forwarded from Level I & II Analysts and client for security risk.
• Serve as Security Incident Response Team Lead (when necessary).
• Conduct detailed security event analysis from network traffic attributes and host-based attributes (binary analysis, etc.) to identify information security incidents.
• Proactively search for and respond to security events and incidents from SIEM, Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
• Review lessons learned from previous incidents.
• Coordinate with Cyber Threat Intelligence and Vulnerability Assessment teams to assess real-world risk.
• Keep up-to-date on ongoing threat risk trends as well as common advanced persistent threats (APTs) actors.
• Identify strategic and operational SOC improvements and communicate those effectively to management.
• Collect and analyze SOC metrics as well as coordinate feedback with Cyber Security Manager.
• Develop best practices around investigations and incident response.
• Develop and adjust SIEM rules and analyst response procedures.
• Document actions in cases to effectively communicate information internally and to Managed SOC.
• Provide documentation and project support.
• Perform system maintenance and maintain current documentation.
• Provide resolution plans for system and network issues.
• Respond to inbound requests via phone and other electronic means for technical assistance. 21. Responsible for other duties as assigned.
  
  OE/Lean
  
  1. Actively participates in the implementation of sustainable improvement processes, such as 5S, Kaizen, Total Productive Maintenance (TPM), Daily Management Control, Standard Work and Problem Solving
  
  Other Related Duties
  
  1. Participates in the Operation Excellence Program as outlined by the Company.
  2. Other duties and special projects as assigned.
  
  Note: Management reserves the right to assign or reassign duties and responsibilities to this job at any time.
  
  Qualifications/Requirements
  The requirements listed in the sections that follow are representative of the knowledge, skills and/or abilities required to perform the duties of this job. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions (primary duties) of the job.
  
  Education: Bachelor's Degree in computer science, computer engineering, or information systems with emphasis on IT/Information/Cyber-security preferred.
  
  Experience: Minimum of 5+ years of experience in information services with 5 years of demonstrable and progressive experience operating incident response and handling domains. Require in-depth understanding of Information Security practices for network, servers, databases, applications, and advanced use of incident response and handling techniques.
  
  Skills and attributes for success include the following:

• Personal and Operational Leadership to lead a highly technical team.
• Information Security Principles, Technologies, and Practices.
• Proven experience with multiple security event detection platforms.
• Expert understanding of TCP/IP networking skills to perform network analysis to isolate and diagnose.
• Expert understanding of IDS/IPS rules to identify and/or prevent malicious activity.
• Excellent written and verbal communication skills required. Must be able to communicate technical details clearly.
• Integrity in a professional environment.Minimum of 5 years of experience in one or more of the following:
  • Working in a Security Monitoring/Security Operations Center environment (SOC).
  • Experience investigating security events, threats and/or vulnerabilities.
  • Experience leading and directing security incident response.
  • Experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity.
  • Understanding of electronic investigation and log correlation
  • Proficiency with the latest intrusion detection platforms; working knowledge of Linux and/or Windows systems administration (Including AD).
  • Understanding of well-known protocols and services e.g., FTP, HTTP, SSH, SMB, DAP.
  • Understanding of routing principles and networking fundamentals: Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep).
  • Scripting or programming (Shell scripting, Python, PowerShell, Perl, Java, etc.).Should have detailed understanding on below technologies.
    • Desired skill: Previous leadership experience as a team lead or supervisor
    • Experience working with SIEM [QRadar], Antivirus [McAfee], Endpoint Detection and Response (EDR) [McAfee, Carbon Black, and Crowdstrike], Log Aggregators, Incident Response Management solutions
    • Experience managing standards, developing Security Operations Process, reporting and dashboards
    • Automation experience on Phantom, Demisto, or other SOAR tools
    • Forensic experience (1-2 years) especially around in-memory attacks -- Reverse Malware engineer experience (1-2 years).
      -- AWS, Azure and Google Cloud Platform (GCP)
      
      Certifications (Desirable)
      -- SANS/GCIH OR
      -- CISM (Certified Information Security Manager) OR
      -- Certified Information Systems Security Professional (CISSP) OR
      -- CompTIA Security+
      -- Other related certifications such as SANS/GCIA, SANS/GCFA, SANS/GCIH, SANS/GCFE, SANS/GIAC, SANS/GSEC, are preferred, but not required.
      
      Knowledge of Cybersecurity Framework (e.g. NIST CSF, ISO27001) would be desirable
      
      Other Desired Experience:
      
      -- Master's degree in computer science, information systems, engineering, business administration or a related field is preferred, but not required.
      -- Strong understanding of information security and the relationship between threat, vulnerability and information value in the context of risk management.
      -- Ability to gather, analyze and interpret business drivers and developing practical security solutions that provide adequate security to support the business.
      -- Possess a good understanding of appropriate leading-edge technologies.
      -- Known to relevant technology companies as a thought leader around security, privacy and supporting technologies.
      -- Extensive experience working across a diverse and inclusive team environment with strong commitment to respect, equality and teaming.
      
      Critical competencies for success:
      -- Leadership skills: Must have the proven ability to lead the development, planning, coordination, and monitoring of security operations and incident response solutions and programs, and be a key part of the overall leadership for all aspects of information security. This leader will be known as a collaborative and influential executive who can serve as an effective member of the executive management team at MTI. This leader will be known as a collaborative individual who can serve effectively as an active contributor at MTI. Must be able to communicate effectively regarding security, privacy, risk, compliance, strategy and the required investments to technologists and business personnel.
      -- Security knowledge: Able to draw upon proven experience to recommend and gain buy-in to numerous information security policies and solutions. He/she will be able to provide leadership by demonstrating subject matter expertise. This individual is able to represent the interests of the organization and gain support from stakeholders
      -- Ability to deliver: This individual will have the proven ability to contribute solutions to large, complex projects across various business and functional departments as they pertain to risk and security matters. He/she can create a positive and productive mindset with solutions to meet clear objectives, goals and effective processes.
      -- Project, Program and Portfolio Management: This individual must have a solid foundation of program and project management in past initiatives. The individual must have experience in leading and directing a portfolio of projects and initiatives in both a project and a sustained operational capacity.
      
      Travel: Travel to other work sites may occur.
      
      Work Hours: Must have ability to work the shift/number of hours in which duties need to be accomplished, including overtime, holidays and weekends, as necessary. Call-ins may occur as needed.
      
      Equal Opportunity Employer
      

Keywords: Minerals Technologies Inc., Bethlehem , Cybersecurity Operation & Incident Response Lead, Other , Bethlehem, Pennsylvania