As a Security Technologist Lead, you will play a pivotal role in enhancing our security posture across both on-premises and cloud environments, ensuring we maximize the effectiveness of our existing technologies. A key aspect of this role will be creating a log onboarding strategy to identify security logs of interest and develop methods to integrate these logs into our SIEM, centralizing logging efforts. This involves identifying new logs by analyzing various sources, determining their relevance to security monitoring, and ensuring their effective integration into the SIEM.
This role will be pivotal in developing new use case detections and alerts to enhance visibility against emerging and sophisticated threats. By leveraging technologies such as SOAR, you will automate playbooks and streamline our security operations, significantly reducing the time to detect and respond to incidents. This will enable our teams to focus on higher-value tasks and strategic initiatives.
The successful candidate must be able to interpret complex security information, adapting to evolving threats, implementing controls to mitigate risks and develop alerting mechanism and provide effective countermeasures.
Additionally, you will support the Security Operations team in building and enhancing cloud detection capabilities, aligning with our cloud-first strategy. This includes developing and implementing cloud-specific use cases and alerts to detect and respond to threats within cloud environments.
Responsibilities:
- Develop Log Onboarding Strategy by identifying and prioritizing relevant logs in alignment with our detection strategy. This includes scoping, testing, and implementing new SIEM data connectors where required.
- Create and implement SIEM detection rules for complex technical environments. Design custom alert logic based on sophisticated and emerging threats, utilizing XQL (Extended Query Language) for advanced detection patterns.
- Periodically review the use case library, perform attestation on existing use cases, and engage in tuning discussions. Provide recommendations for improvements to adapt to evolving threat landscapes.
- Periodically review the use case library, perform attestation on existing use cases, and engage in tuning discussions. Provide recommendations for improvements to adapt to evolving threat landscapes.
- Utilize scripting languages like Python and automation solutions such as SOAR to streamline manual tasks and automate incident response playbooks to reduce mean time to respond and enable teams to focus on high value activities.
- Employ various cybersecurity techniques to assess information systems. Lead security initiatives and assist in enterprise-level projects, implementing security solutions and conducting Proof of Concept for modern technologies.
- Work closely with cross functional teams to integrate security measures and detection capabilities into cloud deployments, ensuring that security is embedded into the design and operational processes.
- Ensure thorough documentation of detection rules and related runbooks and processes for use by the Security Operations team.
- Oversee the management and maintenance of security operations owned platforms, including Palo Alto Cortex XDR, IBM Guardium, Qualys, KnowBe4, and File Integrity Monitoring Solution.
- Update and maintain cybersecurity playbooks, policies, and knowledge base articles that support established Incident Management and SOC processes.
- Work with broader technology teams to contribute to continual service improvements and innovations.
- Support high-severity incident response process as needed, ensuring that alerts and detections are promptly created and that relevant logs are readily available to facilitate thorough investigations.
- Mentor and train security operations analysts in use case detection and alerting, empowering them to enhance their skills and effectiveness in incident response.
Requirements:
Requirements:
- 5+ years of relevant cybersecurity experience with demonstrated technical leadership ability in information security and engineering experience in enterprise level security technologies in one or more areas of: Endpoint Protection, Perimeter Security, Email Security, Security Automation and Orchestration, Cloud Security and Vulnerability Management
- In-depth understanding of Security Operations and Security technologies, with previous experience in a SOC environment
- Practical experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
- Proven experience in configuring and parsing log sources for log centralization and optimizing data analysis for improved threat detection.
- Understanding of common exploitation techniques, MITRE ATT&CK framework and awareness of new threats
- Experience of supporting and developing SIEM platforms in the context of Security Operations Centre.
- Strong understanding of networking principles and extensive knowledge of TCP/IP at the packet level, including protocols and troubleshooting techniques.
- Practical experience in programming and scripting, particularly in PowerShell and Python, enabling task automation and custom solution/API development.
- Hands-on experience working with APIs to facilitate integration between various security tools, enhancing data flow and operational efficiency.
- Familiarity with cloud security best practices and frameworks from major cloud providers to effectively develop and implement security detections in cloud environments.
- Knowledge of broad range of security controls and risk management frameworks and laws such as, but not limited to, Payment Card Industry (PCI), NIST 800-63, ISO27001, OSFI B13 and Integrity & Security Guideline.
- Excellent written and verbal communication skills, crucial for conveying complex technical information clearly and facilitating collaboration.
- Capable of working independently in ambiguous situations while effectively achieving desired outcomes.
- Preferred Certifications: CCSP, CISSP, GIAC-GCED or equivalent security certifications
- A proactive self-starter who adapts quickly in a fast-paced environment, demonstrating a positive attitude and requiring minimal supervision to achieve goals.