Job Description

Responsibilities will include:

• Monitor, analyze, and respond to security events and incidents using SIEM and other security tools.

• Develop and maintain detection rules, playbooks, and automation scripts to improve incident response efficiency.

• Perform threat hunting and forensic investigations across IT environment.

• Collaborate with infrastructure and application teams to ensure secure configurations and compliance.

• Maintain and improve endpoint protection, intrusion detection/prevention systems.

• Document incident response procedures and contribute to post-incident reviews.

• Create network diagrams and as-built documents.

• Develop and maintain a strong partnership with relevant global businesses and technical leaders and teams, including 3rd parties and affiliate businesses.

• Stay current with emerging threats, vulnerabilities, and security technologies.

Qualifications and Skills:

Education

• Bachelor's Degree in MIS, CIS, Cybersecurity or similar.

• At least five years of Security Operations.

• At least three years of Linux Administration.

• At least two years of Cloud (AWS or Azure) Administration.

Must-Have Skills

• Linux and Windows OS.

• DNS.

• Certificate Management: Digicert, AppViewX.

• Experience with ticket management solutions: Dynamics 365, ServiceNow, Remedy, etc.

• Experience with PMO tools such as Jira, Smartsheet, Monday.com, etc.

• Microsoft O365 products (Excel, PowerPoint, etc.).

• SEIM and SOAR technologies (Splunk, Cribl, Azure Sentinel).

• Configure and troubleshoot EDR/ Microsoft Defender for Endpoint, vulnerability management, and threat detection systems, with focus on Linux OS.

• Azure Security Center and Office365 Compliance Portal.

• AWS and Azure (IAM, IaaS, PaaS).

• Knowledge in KQL queries in Sentinel and/or SPL in Splunk for developing use cases, dashboards, custom rules, custom parsers.

• Intermediate Understanding of services and protocols commonly used in hosting environments: web servers, database servers, active directory protocols.

• Understanding of network packet analysis using tools such as Wireshark and TCPDump.

• Collaboration and communication skills across multiple teams and businesses.

Good-to-Have Skills

• Relevant certifications such as AWS Security Specialty, CISA, CISM, GIAC, Security+, or CISSP.

• Palo Alto Firewall, F5 LTM/GTM.

• Palo Alto Cortex suite of tools.

• Network technologies: switching, routing, wireless.

• PowerShell and Python Scripting.

• Power BI and Power Automate.

Integrating security systems via API, etc.