Responsibilities

• Lead content and process development for existing and new cyber defense tools; Lead creation and validation of signatures or Indicators of Compromise (IOCs) in response to new or observed threats.
• Lead cross-functional teams to resolve computer security incidents, to improve the security posture of McAfee’s infrastructure and vulnerability compliance.
• Perform event correlation using information gathered from a variety of sources to gain situational awareness to detect, confirm, contain, remediate, and recover from attacks.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information; Perform root cause analysis to determine tactics, techniques, and procedures (TTPs) for intrusions.
• Notify Security Operations managers and cyber incident responders of suspected cyber incidents in accordance with the cyber incident response plan and procedures
• Exercise a user-oriented approach while handling security incidents to ensure that user impact is minimized as much as possible, and the situation is well articulated to users
• Document ongoing incidents, after-action reports, and escalate incidents
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Monitor external data sources to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
• Support Incident Response efforts - evidence collection, documentation, communications, and reporting.
• Responsible for the enforcement of corporate information security policies to protect McAfee's information assets and intellectual property.
• Lead or contribute to security risk assessments that determine threats, consequences, and vulnerabilities to key assets, products, and services.
• Recommend and drive additional security controls to meet current and future needs.

Qualifications

• 5+ years of experience in Security Operations environment
• Exercising solid critical thinking and analytical skills Leading efforts during one or more phases of Incident Response lifecycle Application of cybersecurity principles and risk management basics to mitigate risk Leading & collaborating with multiple teams to drive improvements and resolutions Cloud security monitoring – detection and response (AWS, GCP, and Azure)
• Mentoring junior analysts and improving security technologies & processes
• You have taken initiatives to drive improvements for security technologies and processes
• Outstanding knowledge of the Security Operation Center (SOC) & the Information Security Common Body of Knowledge and best practices
• Excellent knowledge of process automation and use of SIEM & SOAR tools
• Ability to improvise as newer threats emerge and guide team on threat hunting
• Preferred certifications: GCIH, GCFA, CEH, Network+, Security+, cloud service provider certifications or equivalent industry standard certifications

Preferred Qualifications

• Familiarity with Rapid7 suite of tools
• Familiarity with Crowdstrike suite of tools
• Familiarity with SumoLogic, Splunk or other log aggreation tools
• Familiarity with Microsoft Active Directory