About The Position
As SecOps Lead, you will serve as an escalation resource and mentor for the entire security operations function at Fireblocks. This includes handling and responding to escalated alerts, notifications, and communications. You will lead incident response activities such as tracking the incident, communicating with stakeholders, driving remediation and recovery actions, and reporting.
As SecOps Lead, you will conduct vulnerability assessments and penetration tests, and review alerts, industry news, threat intelligence, and security data. You will actively hunt for threats that have found their way into the network, as well as for unknown vulnerabilities and security gaps.
You will own both defensive and offensive strategy, manage resources, priorities, and projects, and lead the team directly when responding to business-critical security incidents. You will act as the point of contact for the business on security incidents, compliance, and general security matters.
You will create solutions and tools that help the organization withstand disruption of operations and malicious attacks, with a focus on mitigation, recovery, and remediation of cyber attacks. You are expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors, and to be able to read reports and determine what additional action and response activities are required to resolve an incident.
Responsibilities
- Manage the Security Operations team and its activities.
- Think strategically, drawing on extensive offensive and defensive SOC experience.
- Prioritize alerts and issues and perform triage to confirm whether a real security incident has taken place.
- Perform root cause and incident response analysis to uncover attack vectors involving malware, data exposure, phishing, and social engineering.
- Develop reports during and after incidents, documenting all actions taken to mitigate, recover, and return operations to normal.
- Support forensic investigators and application security analysts in reactive and proactive threat hunting engagements.
- Perform endpoint, network, and log analysis.
- Work with SIEM Engineering and other security partners to develop and refine correlation rules.
Requirements
- 5+ years of relevant work experience as a SOC manager, including advanced event analysis using SIEM tools.
- Formal cyber security certification (e.g. CISSP, CEH, CHFI) - an advantage.
- Experience with penetration testing tools and with visualizing security data across the organization.
- Experience with malware reverse engineering.
- Experience identifying and developing responses to new threats and attack patterns.
- Advanced knowledge of TCP/IP protocols; experience configuring and implementing a range of technical security solutions.
- Demonstrated proficiency in the incident response process, as well as in threat hunting, malware analysis, or cyber forensics.
- Good understanding of system log data, and knowledge of how to collect the specific data and attributes required for each incident (host, network, cloud, etc.).
- Advanced skills in forensics, malware assessment, and threat intelligence; white-hat hacker certification or training.
- Good understanding of and experience with macOS and Linux operating systems.
- Moderate scripting experience (such as Python).
- Moderate knowledge of and experience with cloud platforms (AWS, Azure).