Threat Intelligence Lead

Manpower (Philippines)

Salary: Negotiable
Remote · 3-5 years of experience · Diploma · Full-time
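Remote Work Details

Countries open for this job: Philippines

Language requirement: English

This remote job is open to candidates in specific countries. Please confirm whether you would like to continue despite possible location restrictions.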

Job Description

Threat Detection, Response, and Intelligence (Lead/Manager)


Role Overview:

We are seeking a highly skilled and motivated professional to lead our Threat Detection, Response, and Intelligence function. This role is crucial in ensuring timely identification, analysis, and mitigation of cybersecurity incidents, while also enhancing the organization's overall threat resilience and security posture.


RESPONSIBILITIES:

Incident Detection:

  • Continuously monitor network and system activity, logs, and alerts using SIEM tools, intrusion detection systems, and other technologies to uncover suspicious activity or potential breaches.

Incident Analysis:

  • Conduct in-depth investigations into security events to determine root cause, assess impact, and trace the source and techniques used in the attack.

Incident Mitigation:

  • Develop and execute effective containment and remediation strategies, including isolating compromised systems, applying patches, and enforcing security controls.

Response Planning:

  • Design, maintain, and refine incident response strategies and playbooks to support efficient and consistent responses across a range of incident types.

Cross-Functional Coordination:

  • Collaborate with teams across IT, security, legal, and compliance to ensure cohesive and timely incident response, with clear communication throughout.

Documentation and Reporting:

  • Keep accurate and detailed records of incident handling activities, including actions taken and outcomes. Prepare clear incident reports and lessons-learned summaries for stakeholders.

Threat Intelligence:

  • Stay updated with emerging cyber threats, vulnerabilities, and attack vectors. Leverage intelligence feeds to inform detection capabilities and enhance defensive strategies.

Digital Forensics:

  • Perform forensic analysis and malware reverse engineering to gather evidence, understand attack behavior, and support any potential legal proceedings.

Continuous Improvement:

  • Evaluate current incident response practices regularly, suggesting enhancements and adopting best practices to strengthen the security program.

Availability:

  • Willingness to work outside regular business hours when necessary to address urgent security events.


BASIC QUALIFICATIONS:


Required Certifications (at least one):

  • CEH (Certified Ethical Hacker)
  • GIAC Certified Incident Handler
  • CISSP (Certified Information Systems Security Professional)
  • CompTIA Security+


Experience:

  • 4 to 6 years of experience in Security Operations and Incident Response
  • Strong background in Splunk administration, including data parsing and indexing
  • Hands-on experience with security compliance standards like ISO 27001 and/or PCI-DSS


Technical Skills:

  • Solid understanding of network, endpoint, API, and user behavior threat identification
  • Familiarity with cybersecurity principles including risk and incident management, threat vectors, and common attack methods
  • Experience working with various OS platforms including Windows and Linux
  • Knowledge of cloud environments, particularly AWS and Alibaba Cloud
  • Comfortable working with applications, databases, and middleware from a security perspective
  • Proficient in scripting (Python, Bash, or PowerShell) for automation and incident handling
  • Experience with Infrastructure-as-Code tools (e.g., Terraform)
  • Knowledge of containerization and orchestration tools like Kubernetes and Docker is a plus


Soft Skills:

  • Strong analytical and problem-solving abilities
  • Effective communicator with good interpersonal skills
  • Ability to perform well under pressure and make quick, informed decisions
  • Proficient with Google Workspace tools, particularly Google Sheets
  • Skilled in creating professional reports and security dashboards


This role is ideal for a driven cybersecurity professional who thrives in dynamic environments and is passionate about proactively defending against evolving threats.

Job Requirements

Please refer to job description.

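Skills: Communication, Problem Solving, Adaptability, Time Management, Teamwork, Attention To Detail, Independent Thinking, Organization, Creativity, Customer Service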
Boss

HR Manager, Manpower (Philippines)

Posted on 24 April 2025
