
SANS ISC: InfoSec Jobs - SANS Internet Storm Center

Global Information Security Operations (SOC) Team Lead
Company Crane Co.
Location Remote
Preferred GIAC Certifications GCIH, GCFA, GNFA, GCTI
Travel 15%
Salary Not provided
URL https://www.linkedin.com/jobs/view/2920589497
Contact Name Kelley Hoff, HR Mgr.
Contact Email khoff/at/craneco.com
Expires 2022-06-11

Job Description

Crane Co is looking for outstanding information security professionals to join the Crane Co. Global Information Security Team!

Do you possess a strong security operations center background and want to lead others while working on interesting problems and helping to advance incident response capabilities? Have you always wanted to make a real impact on the effective delivery of security operations at scale? We have an exciting opportunity to help lead our blue-team operations, backed by leading and proven solutions in a comprehensive portfolio for our next-generation security operations center.

This position will provide exposure to best-of-breed security solutions in a challenging and rewarding enterprise setting. You’ll work closely with our tight-knit security team, as well as with Information Technology professionals around the world to identify attacks and repel attackers at scale.


Core Function:

This role will be responsible for performing investigations and helping to implement and develop solutions supporting the incident response function. You must be experienced in and excited about leading the daily work of security analysts in triaging incoming alerts and prioritizing response and effective remediation of threats. In this capacity you will help define and implement processes and standard work for the global security operations function, including playbook development, building threat-intelligence-informed detections, and performing detailed investigations. This is a very hands-on position: doing threat hunting, utilizing an advanced security stack for daily work, and ensuring team SLAs and performance targets are met and delivered. Previous senior-level security operations center and supervisory experience with threat hunting competency is a must.

You will assist in development and ongoing use of SIEM and SOAR technologies and processes supporting the global information security function. You will customize, develop, and implement the automation of security playbooks using APIs, various scripting methods and programming languages, and provide analytical techniques to build and support interfaces to and from various supporting technologies, tools, and IT systems. The ideal candidate must have solid proficiency in security incident management, and have a proven track record implementing automation to gain efficiencies, reduce errors, and increase capacity of an enterprise incident response program. You must have a strong desire to mature blue team tradecraft, to lead and mentor others, and to further your own development along the way.

The successful candidate will work collaboratively with Global Infosec Management, our Global SOC and other security team functions to ensure our overall cyber-incident preparedness and effectiveness. You will be expected to be able to communicate effectively at all levels of the organization, be extremely detailed, and be focused on delivery to program goals and expectations. You must enjoy contributing to continuous improvement initiatives, and have a genuine passion for infosec!

This is an exciting opportunity to grow and make a positive impact on a global program alongside other passionate infosec professionals. If you know you have what it takes to deliver on this, and have a desire to lead a team of professionals along the way, this is the position you’ve always wanted.


Responsibilities and Duties:


· Ensure the timely identification, response, investigation, and remediation of all security events and incidents

· Lead daily work of security operations center team members and provide support to teams in other geographies and time zones as required

· Develop standard work and processes, build playbooks, and implement analysis logic supporting automation efforts using various techniques including scripting and coding

· Enrich and implement additional detective capabilities to enhance or improve incident identification and response

· Using SOAR techniques, automate and integrate workflows between SIEM, various IR platforms, and other solutions and technologies

· Work closely with the broader global security team, supporting the analysis and tuning of the effectiveness of solutions, configurations and processes

· Work closely with Information Technology to identify risks and weaknesses as a component of our vulnerability management program

· Provide input to the maintenance and enhancement of related policies, documentation, and procedures

· Contribute to the broader program to ensure best practices are identified and integrated into our approach and methodologies

· Support the security infrastructure administration and operations function as required

· Ensure all security incidents for self and team are fully and accurately investigated with comprehensive and effective remediation clearly defined and communicated to stakeholders


Qualifications and Competencies:


· Senior level experience in security operation center function supporting medium to large enterprises performing incident response

· Prior responsibilities performing triage, assignment, and closed-loop investigations for a team of SOC analysts and/or incident responders

· Proven results developing and implementing methods, processes, and procedures for detecting, responding, and resolving computer security incidents

· Deep understanding of present-day cyber-threats, attacker techniques and behaviors, and effective methods to both detect & repel these threats for a global organization with a distributed enterprise IT environment

· Prior experience using automation tools leveraging custom development, scripting, and solution platforms

· Prior experience writing tools to automate tasks and integrate various systems in Python, PowerShell, and other scripting languages

· Experience writing interfaces utilizing JSON, XML, and REST APIs

· Experience performing data normalization, correlations, and visualizations

· Experience with supporting security technologies such as EDR, firewalls, proxies, web and email filters, application allow-listing, sandboxing, SIEM, threat intelligence, vulnerability scanning, syslog, IDS/IPS, DLP, etc.

· Broad technology experience with enterprise-level IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc.

· Familiarity with relevant multi-national financial, privacy, and governmental regulatory requirements

· Highly motivated and self-directed with a passion for solving complex problems

· Excellent verbal and written communication skills

· Must be able to prioritize based on risk, schedule and track to deadlines for self and team members

· Ability to cope well with pressure and make sound decisions in uncertain situations

· Flexibility to work outside regularly scheduled/normal business hours

· Ability to travel both domestically and internationally, with little notice (as required)

· Required: 5 years relevant professional experience in Security Operations and Incident Response Management

· Required: 2 years supervisory experience leading SOC/IR analysts

· Required: Technical professional security certifications in Incident Response, Digital Forensics, or Malware Analysis, such as GCIH, GCFA, GNFA, GCTI or similar

· Desired: Degree in a related field

· US Person as defined under EAR Part 772 and ITAR 120.15


*Crane Co. is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, or national origin or any other characteristic protected under applicable federal, state, or local law.