About
Cybersecurity Principal

Cybersecurity Principal to own and advance security operations, incident response, threat detection, and security engineering capabilities within a fast-paced enterprise environment. This role serves as a hands-on technical authority and operational leader, responsible for defining detection standards, leading high-severity incident response, and continuously maturing SOC processes and tooling. The ideal candidate brings deep expertise across security operations, detection engineering, incident response, network security, and cloud monitoring, and is comfortable operating at both strategic and tactical levels. This individual will work closely with internal teams, MSSP partners, and leadership to strengthen the organization's overall cybersecurity posture while ensuring reliable, effective day-to-day security operations.

Required Qualifications
- 5+ years of progressive experience in Security Operations, Incident Response, Threat Detection, or Cybersecurity Engineering roles.
- Strong hands-on experience with SIEM administration, detection engineering, and log analysis.
- Demonstrated incident response leadership and threat investigation expertise.
- Experience operating within MSSP or managed security environments.
- Solid understanding of SOC workflows, alert triage, escalation procedures, and SLA management.
- Hands-on experience with enterprise security technologies, including:
  - SIEM and log management platforms
  - MDR / MSSP security platforms
  - Endpoint detection and response (EDR/XDR)
  - Email security technologies
  - Network security and firewall platforms
  - Cloud security monitoring solutions
  - Threat intelligence and alerting systems
- Strong understanding of attacker behaviors, obfuscation techniques, and modern threat landscapes.
- Knowledge of network security fundamentals and enterprise security architecture.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.

Preferred Qualifications
- Experience collaborating with red teams, adversary simulation, or threat emulation efforts.
- Experience with AWS and/or Google Cloud security monitoring.
- Working knowledge of the MITRE ATT&CK framework and threat intelligence operations.
- Experience with security automation, scripting, or SOAR technologies.
- Familiarity with compliance frameworks and operational security standards.
- Experience defining or maturing SOC metrics, KPIs, and operational reporting.

Key Responsibilities

Security Operations & Monitoring
- Lead advanced security operations activities across enterprise environments.
- Define and maintain detection standards, alert fidelity criteria, and SOC operational best practices.
- Monitor, investigate, and analyze security alerts, events, and incidents across networks, endpoints, email, identity, and cloud platforms.
- Review and interpret raw security logs and telemetry from multiple enterprise systems.
- Develop, tune, and maintain detection rules, alert logic, and correlation searches.
- Own and continuously improve SOC workflows, escalation processes, operational efficiencies, and response procedures.
- Support SLA tracking, incident prioritization, and operational reporting.

Incident Response & Threat Analysis
- Act as lead investigator or incident commander for high-severity security incidents.
- Lead and support incident response investigations, including containment, eradication, and recovery.
- Perform forensic analysis and root cause investigations related to cybersecurity incidents and suspicious activity.
- Identify attacker techniques, persistence methods, evasion tactics, and malicious behaviors.
- Conduct proactive threat hunting to identify advanced threats and indicators of compromise.
- Coordinate with MSSP providers, internal teams, and leadership during active incidents.

Security Engineering & Platform Administration
- Administer, optimize, and mature enterprise security platforms and monitoring technologies.
- Architect and enhance detection pipelines, log correlation strategies, and investigative workflows.
- Assist with onboarding new log sources, integrations, and data normalization efforts.
- Support cloud security monitoring and detection across hybrid and multi-cloud environments.
- Collaborate with infrastructure and engineering teams to improve security visibility and defensive controls.

Network & Infrastructure Security
- Analyze network traffic, firewall logs, and endpoint telemetry to identify malicious or anomalous activity.
- Support enterprise network security operations in partnership with infrastructure and platform teams.
- Assist with improving segmentation, monitoring, and visibility across enterprise infrastructure.

Threat Detection & Adversarial Analysis
- Apply adversarial knowledge and attack methodologies to improve detection and defensive capabilities.
- Identify monitoring gaps and recommend improvements to detection coverage.
- Validate detection capabilities against common attacker tactics, techniques, and procedures (TTPs) through adversary emulation, tabletop exercises, and purple-team activities.

Documentation & Communication
- Document incident findings, response actions, and technical analysis clearly and accurately.
- Provide operational metrics, reporting, and actionable recommendations to leadership.
- Assist with developing security standards, operational procedures, and incident response playbooks.
- Communicate technical findings effectively to both technical and non-technical stakeholders.
Language skills
- English