Cybersecurity Team Lead

About The Position

Requirements

• Knowledge of Leadership and Management of a technical team of engineers
• Working knowledge of management processes such as personnel administration, planning, and budgeting
• Familiarity with vendors, project expenses and purchasing requisitions
• Strong technical skills and hands on experience in Cybersecurity as it relates to alert triage, on-going monitoring, detection, investigation, and incident response activities
• Understanding of Cybersecurity concepts such as Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
• Knowledge of the latest security and privacy legislation, regulations, advisories, alerts, exploits, and vulnerabilities
• Advanced understanding of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Strong knowledge of the OSI model and security that is associated with each layer
• Advanced knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux/Mac, web/email traffic, microservice architecture, and using a command line interface (CLI)
• Possess strong understanding of cloud providers, technologies, and concepts
• Understanding of Agile and DevOps environments
• Demonstrated success in project management
• Experience in scripting and automation in widely used languages such as Python or PowerShell is a plus

Nice To Haves

• Bachelor's Degree in related field or equivalent work experience strongly preferred
• 5-7 years of years of experience in large and complex business environments with a successful track record working directly with senior level management
• At least 3 years of experience in one or more of the following domains: Cybersecurity, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance preferred
• 2-3 years experience securing cloud deployments on common platforms like Microsoft Azure, Amazon Web Services or Google Cloud Platform preferred
• Experience with deploying environments by defining infrastructure as code (IaC) preferred
• Experience in developing custom detections and logic to identify suspicious activity, specific attacks, and exploits
• Cybersecurity related certifications strongly preferred: GCFA, GCIH, GCIA, GCFE, CISSP

Responsibilities

• Lead and coordinate investigation and response activities to potential security events and user inquiries from multiple sources
• Investigate security events from detection to resolution, engaging in any containment, eradication and recovery actions as needed
• Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity
• Write ad-hoc searches and custom detections within a SIEM to find relevant information
• Participate in the on-call rotation for responding to various cybersecurity incidents
• Review and coordinate implementation of security solutions aimed to enhance incident response capabilities
• Ability to approach problems with an open-mind, think strategically and make collaborative decisions
• Strong presentation expertise, and the ability to coordinate and conduct meetings
• Communicates quickly, clearly, concisely, appropriately and intelligently
• Effective planning, time management, negotiation and delegation skills

Benefits

• 401K matching
• bonding leave for new parents (12 weeks, 100% paid)
• tuition assistance
• training
• GM employee auto discount
• community service pay
• nine company holidays