Date Posted: February 5, 2018
The role provides technical direction over the Cyber Security Operations Center/Incident Response functions. The position is responsible for overseeing a team of Security analysts who analyze security events/incidents within the environment and respond accordingly. This includes activities ranging across incident response, threat intelligence, threat analysis, forensic analysis, and support of advanced threat detection technologies. The Tech Lead is responsible for developing processes and procedures to analyze various security events/incidents consistently. The individual builds, develops, and maintains relationships with internal and external customers and vendors to formulate solutions for Freddie Mac and customer system issues related to Information Security. The role must ensure the appropriate level of technology, skill levels, and processes required to deliver high-level information security processes, procedures, and solutions that ensure the confidentiality and integrity of Freddie Mac and customer assets. This position reports to the Director of Cyber Security.
• Responsible for all activities within Cyber Security. These activities include detection, triage, analysis, containment, recovery, and reporting.
• Direct a team of Security analysts that can analyze and respond to security events/incidents.
• Responsible for development/improvement of process/procedures related to Cyber Security that includes Security Monitoring, Incident Response, Threat Intelligence, advanced persistent threat detection and vulnerability analysis.
• Manage and execute processes responsible for the advanced analysis of security threat intelligence (malicious code, industry events, hackers and zero-day exploits, OEM weaknesses, intrusion logging, etc.) to proactively prepare for security events.
• Oversee monitoring of Security alerts from Security Information and Event management (SIEM) platform as well as lead the Managed Security Services Provider (MSSP) services for off-hour monitoring.
• Lead day-to-day operations of Cyber Security to ensure Security events/incidents are being handled efficiently.
• Coordinate response, triage, and recovery activities for security events affecting the company’s information assets.
• Develop strategies and partner with Business/IT stakeholders to identify, detect, and prevent security threats the organization faces.
• Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls and infrastructure for automated and proactive detection and prevention.
• Must be able to present to different audiences (business, technical, and management) and adjust accordingly, whether in structured presentations or ad hoc.
• Must be able to establish and maintain business relationships with individual contributors as well as management.
• Bachelor’s degree in Computer Science, Information Technology, Business Management, related field or equivalent work experience
• At least 3 years of Information Security SOC/Incident Response experience
• Demonstrated experience with designing and implementing SIEM (Splunk, ArcSight, QRadar, etc.) use cases.
• Demonstrated experience in handling cyber incidents and response in similar critical environments (Malware Analysis, Email Threat Analysis, Web Threat Analysis, etc.).
• Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
• Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
• Relevant security knowledge and experience in two of the following areas: security operations, incident response, network/host intrusion detection, malware analysis, threat response
• Ability to communicate clearly, effectively, persuasively and credibly with internal management and external senior level oversight entities
• Experience in leading and managing personnel
• Experience in the financial services industry
• Experience in the following: Unix Scripting, Programming, SQL, WAF, Reverse Engineering Malware, Vulnerability Analysis/Assessment
• Experience working in a Security Operations Center (SOC) environment