This position is responsible for managing HP's Cybersecurity Threat Detection and Response program, leveraging a mix of managed services and internal expertise to ensure early and accurate detection, response, containment and recovery from threats directed against HP.
As a technical management role, the ideal candidate possesses deep security knowledge/expertise, previous experience as a security practitioner, systems management and administration experience, proven service management skills, and the ability to attract and retain talent in a challenging market.
Responsibilities:
- Lead and serve as a mentor for internal Threat Hunting, Incident Response and Forensics team, actively improving our capabilities.
- Partner with external providers, ensuring our co-managed Security Operations Center and SIEM operations and engineering are driven to excellence.
- Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high priority or complex incidents.
- Drive continuous refinement and improvement of incident response processes.
- Grow and mature our Threat Intelligence Program.
- Identify gaps in visibility and detection methodologies. Regularly evaluate current log ingestion and content development strategies, drive onboarding of new data sources and new threat detection logic.
- Regularly evaluate tooling and technology platforms, make recommendations for improvement.
- Provide incident metrics to other Cybersecurity and business leadership.
- Build and maintain relationships with HP technology and business stakeholders.
- Build and maintain relationships with key vendors.
- Participate in audits as required.
Education and Experience:
- 3+ years leading security operations, hunt, or incident response teams.
- 5+ years as a Cybersecurity practitioner, threat detection or incident response functions strongly preferred.
- Previous experience managing external service providers preferred.
- Bachelor's Degree or higher in the field of Computer Science or Information Security or related field (may be substituted for experience and industry certifications).
- Individual technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ISC)2, CompTIA, etc.
Knowledge and Skills:
- Demonstrated ability to lead technical teams and projects.
- Understanding of adversary motivations, tactics and techniques.
- Development of incident response and operations processes and playbooks.
- Understanding of common security tools, instrumentation, and detection methodologies - EDR, SIEM, IDS/IPS, proxies, etc.
- Understanding of common operating systems and enterprise infrastructure components (Windows, Linux, Active Directory, etc.).
- Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.).
- Understanding of cloud services (AWS, Azure, O365) a strong plus.
- Excellent verbal and written communication skills, ability to communicate technical concepts to a non-technical audience.
- Excellent organization, problem resolution, and teamwork skills.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Ability to stay calm under pressure, think rationally, and communicate effectively in stressful situations.