Lenovo

What you'll be doing

• Work closely with information security leadership and business stakeholders and as part of a team of responders.
• Respond to and investigate internally and externally driven incidents. Response may need to occur out of hours.
• Review events for anomalies and possible incidents.
• Regularly participate in incident response tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
• Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercises to identify exposure to future incidents.
• Refine, recommend and maintain playbooks, policies, procedures and guidelines, and align with industry best practices.
• Liaison with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineer team members.
• Participate in monitoring internal and external events and stay tightly aligned with infrastructure, third-party, hosted, on-premises and end-user systems.
• Document and communicate incident details from initial investigation through closure and post-mortem.
• Uphold professional accountability to remain educated on incident response skills and abilities.
• Identify strengths and weaknesses in the program for team members to improve skills and knowledgebase.
• Openly support the organization, management and executive leadership team, even during times of adversity.
• Co-ordinating a team of associates and (potentially) onsite and offsite contractors to monitor for and respond to security events 24x7x365.
• Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Automate repetitive tasks and drive efficiencies so analysts can work on more advanced tasks.
• Manage security event investigations, partnering with other departments as needed.
• Evaluate and update SOC policies and procedures as appropriate.
• Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.

What you'll need to know: 

• 8 years of relevant working experience
• Operational Cyber security management experience gained in, or working as part of a Managed Service provider
• Experience of security tools and technology
• Good working knowledge of architectural techniques to prevent, mitigate and manage security threat
• Experience of SIEM solutions, incident management and reporting
• Excellent communications skills and stakeholder management experience
• Strong knowledge of security compliance or operations and a technical background with infrastructure or network security
• Ability to think of long-term strategic solutions as well as immediate resolutions to problems
• Create, develop and maintain security policies and practices
• Excellent problem-solving, critical thinking, analytical and decision making skills
• Understanding of threats and vulnerabilities, in addition to principles of IR and chain of custody.
• Experience with forensic tools, log correlation and malware analysis solutions.
• SIEM, threat intelligence platform, directory services, vulnerability management and endpoint configuration experience.
• Knowledgeable about cloud services, third-party risk management and application security.
• Strong written and oral communication skills across varying levels of the organization.