Cyber Security

at DVI Technologies, Inc.
Published April 1, 2023
Location Pittsburgh, PA
Job Type Full-time  

Description

Role: Supervisor Cybersecurity Incident Response Team (CIRT)

Location: Pittsburgh, PA

Purpose:

The Cybersecurity Incident Response Team (CIRT) is responsible for ensuring effective detection and response to all security incidents.   CIRT operates as part of the Office of the CISO under the Cyber Security Operations and Engineering (“SecOps”) team.  The SecOps team is responsible for ensuring that corporate systems and networks are designed and operate in a secure manner that minimizes the risk to a level acceptable to management.

Responsibilities:

  • Lead and serve as a mentor for internal Threat Hunting, Incident Response, and Forensics, actively improving our capabilities
  • Partner with CyberSecurity Operations and Engineering groups to improve operations, detection, response, and recovery
  • Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high-priority or complex incidents
  • Drive continuous refinement and improvement of incident response processes, playbooks, and Standard Operating Processes (SOPs)
  • Grow and mature Threat Intelligence Program and applicability of detected threats to drive actionable intelligence
  • Identify gaps in visibility and detection methodologies. Regularly evaluate current log quality and content development strategies, identify new data sources to enrich logs and new threat detection logic
  • Provide incident metrics to other Cybersecurity and business leadership
  • Build and maintain relationships with IT and business stakeholders
  • Build and maintain relationships with local law enforcement and cyberdefense authorities
  • Build and maintain relationships with key vendors
  • Participate in internal and/or external audits as required
  • Assist in developing and enhancing Cybersecurity strategy and roadmap
  • Collaborate with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing, and other detection security tools
  • Manage security tools and associated professional service contracts and deliver capabilities
  • Partner with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring and threat defense
  • Contribute to the execution of CyberSecurity operations, incident response, and investigations spanning across all functions of the Cybersecurity organization

Qualifications:

  • Experience in IT in the Information Security area
  • Demonstrated ability to lead technical teams and strategic projects
  • Strong communication and problem-solving skills
  • Development of incident response, operations processes, and playbooks
  • Understanding common security tools, instrumentation, and detection methodologies – EDR, SIEM, IDS/IPS, proxies, etc.
  • Understanding core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
  • Understanding of tools and techniques used by hackers to breach networks, server systems, cloud workloads, or applications
  • Demonstrated understanding of security-related technologies and practices including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network, and Host Incident Detection and Prevention, Data Loss Prevention, Data Security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, Application Security, etc.
  • Diverse technical background and exposure to enterprise networking, firewall, storage options, server infrastructure, operating systems, application development, database technologies, desktop operating systems and Cybersecurity
  • Deliver on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
  • Experience working in transmission and distribution operations services industry or other highly regulated and/or compliance-oriented environments
  • Exposure to security standards NIST Cyber Security Framework, NIST SP800-61 R2 and ISO/IEC 27035

Education / Experience Requirements:

  • Bachelor’s plus 5+ years industry experience. Team leadership preferred but previous supervisory experience not required.

 Preference:

  • 3+ years of experience in leading Cybersecurity Operations, threat hunt, incident response, digital and/or network forensics, threat, and vulnerability management functions.
  • Prefer one or more relevant Cybersecurity certifications such as CISSP, CISM, GCFE, GCIH, 3CCE, EnCE, OR digital forensics / incident response certification

 Scope

  • Primary focus is on day-to-day management of operational execution for areas managed. 
  • Trains and develops staff.  Plans the workflow. 
  • Directs available resources to accomplish process improvement. 
  • Leads workflow changes and implementations for direct team.

Decision Impact

  • Problems and issues are undefined and require detailed info gathering, analysis, and investigation to understand/resolve.
  • Makes decisions that address workflow issues considering immediate impact on own function or work unit.

Thanks & Regards

 Vijay Patle


DVI Technologies, Inc. “Building Confidence in You”

800 McKnight Park Dr.  Suite 806-B | Pittsburgh, PA 15237

DVI Technologies, Inc.  Named 2014 AND 2015 Best Places to Work by the Pittsburgh Business Times

- provided by Dice