Tier 3 Shift Manager
Cyber Security Cyber Risk Posted: 18-Feb-2022
Alexandria, Virginia, United States
Arlington, Virginia, United States
Mclean, Virginia, United States
Rosslyn, Virginia, United States
Work you'll do
- Serve as the regional lead and point of escalation for Tier 1 and Tier 2 SOC analysts.
- Lead, conduct and coordinate daily global threat hunting activities, and research relevant threat actors, attack vectors, and behaviors pertinent to our industries.
- Lead, conduct, support and coordinate investigations, threat hunts, incident response, and other SOC activities with peers operating in other regional SOCs and in other Deloitte firms.
- Team with the Global Fusion Center’s Global Cyber Incident Response (GCIR), Threat Intelligence, and Global Cyber Wargames teams.
- Team and coordinate with other Deloitte cybersecurity teams, IT teams and other Deloitte firms.
- Continuously maintain and update threat hunt tactics and techniques so they can be shared with the security engineering, Global Incident Response, and Threat Intel teams.
- Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis and identification capabilities of the SOC team.
- Provide oversight and guidance to junior analysts.
- Fulfill AMER EM Senior Delivery Manager (SDM) responsibilities in the absence of the SDM.
- Perform advanced event and incident analysis, including baseline establishment and trend analysis.
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
- Identify training needs for the junior analysts.
- Ensure that all identified events are promptly validated and thoroughly investigated.
- When necessary, and with the SOC Manager's approval, devise and document new procedures.
- Identify opportunities for SOC system tuning.
What you'll be part of - our Deloitte Global Culture:
Who you'll work with:
Qualifications:
- Minimum of 5 years of combined experience in the Information Security / Cybersecurity domain, with a focus on conducting Threat Hunting and/or Cyber Incident Response.
- Experience managing and/or leading successful teams in an operational environment.
- Experience with the following technologies: leading SIEM technologies, EDR solutions, IDS/IPS, antivirus solutions, network- and host-based firewalls, data leakage protection (DLP), web proxies, DNS, Windows and *nix system administration, NetFlow data, cloud computing, and virtualization.
- Extensive knowledge of network, endpoint, and threat intelligence, as well as the functioning of specific applications or underlying IT infrastructure, with hands-on experience in SIEM technologies and EDR solutions.
- Strong background in security incident response, system operations, and threat intelligence.
- Understanding of attack activities such as network reconnaissance (probing/scanning), DDoS, malicious code activity, etc.
- Knowledge of digital forensics (network and endpoint) processes, and of the use of malware analysis, forensic, and memory forensics tools.
- Ability to hunt for APT Tactics, Techniques, and Procedures (TTPs) across the enterprise network and on host systems as required.
- Ability to analyze malware, extract indicators, create YARA signatures, and develop detection rules based on an adversary's Tactics, Techniques, and Procedures (TTPs).
- At least 2 years in a management and leadership role.
- Demonstrated leadership skills and the ability to manage teams and shifts of analysts effectively.
- Understanding of common network devices such as routers and switches.
- Understanding of networking protocols such as IP, DNS, HTTP/S, FTP, and SMTP, including well-known ports, network assets, web traffic, basic HTTP/S requests, and the OSI model.
- Foundational skills in Windows PowerShell and WMI.
- Willingness to flex working hours around critical, high-priority operational incidents.