The Security Operations Lead will provide day-to-day operational leadership for identifying and investigating Cyber Security threats, vulnerabilities, and intrusions; provide incident response and remediation management; ensure that security monitoring coverage is optimal; develop secure network designs and threat protection strategies and undertake audits of technical security infrastructure.
The Security Operations Lead will contribute to technology, security strategies and product selections, respond to changes in the global threat landscape and business requirements by implementing new, or updating existing Cyber Security technologies.
The role will suit a qualified Security Operations Lead who is a strong team player, has the necessary technical expertise in core infrastructure, security technologies and operating environments, has a proven track record in Cyber Incident and Threat Response, and understands how preventative and detective controls are applied to reduce Cyber Security exposure.
What you’ll be doing:
Leading Day-to-Day Operation of the Cyber Security Operations (SecOps) Team and Managed Security Service Providers (MSSP)
Manage the Cyber Security Tools, Technologies, and Methodologies
Threat Response and Vulnerability Management
Policies and Standards Documentation and maintenance
Manage ongoing and new relationships with key internal and external stakeholders
What you’ll bring:
Strong knowledge of the latest Cyber Security infrastructure technologies and best practices.
Leadership experience in Information Security with a strong focus on Cyber Incident and Threat Response, Security Engineering, Threat Intelligence and Hunting, and Vulnerability Management.
Experience working in Security Operations Centre (SOC) and/or Computer Incident Response Team (CIRT) in a lead role.
Experience with disk and memory forensic tools.
Ability to analyse endpoint, network and application security logs, and to use big data log collection and off-the-shelf correlation tools for data analytics.
Experience writing and tuning IPS/IDS signatures and YARA rules.
Demonstrated understanding of MITRE ATT&CK, OWASP Top 10, Lockheed-Martin Cyber Kill Chain, threat modelling, operational threat intelligence and common attack vectors.
Excellent problem-solving skills combined with hands-on experience in investigating security incidents, including root cause analysis and running post-incident reviews.
Ability to analyse malware and obfuscated code, and to perform both static and dynamic analysis.
Familiarity with ASD Essential 8 and NIST Cybersecurity Frameworks.
Experience leading proof of concepts and evaluation of new technologies/tools to improve security posture and capability.
Experience in implementing partial or end-to-end automation of detection and incident response workflows.
In-depth knowledge of Security Information and Event Management (SIEM) system management, onboarding additional telemetry / log sources, and fine-tuning rules / alarms.
In-depth knowledge of core infrastructure technologies and operating environments, such as (but not limited to) Active Directory, Windows Workstation and Server OS, TCP/IP networking, Linux, Azure, AWS, firewalls, proxies and IDS/IPS.
Strong operational knowledge of scripting languages including PowerShell, Python and JSON.
Salt is acting as an Employment Agency in relation to this vacancy.