The Security Operations Lead will be responsible for handling security log analysis, threat hunting, incident response, incident reporting to stakeholders, and security monitoring.
Responsibilities and Duties:
Develop strategies and lead monitoring and detection activities using logs from various systems and tools, including endpoints, networks, servers, and identity sources.
Implement cloud-based detection methods to identify threats targeting the organization's cloud environments and services.
Analyze activities across assets (endpoints, networks, apps) and environments (on-premises, cloud) to recognize patterns of abnormal behavior.
Review alerts and data from security sensors, creating formal technical reports for incidents.
Collaborate with threat intelligence and/or threat-hunting teams.
Provide incident response support to network and infrastructure teams, including taking actions to contain incidents and facilitating forensic analysis when needed.
Work with SIEM (Security Information and Event Management) tools to manage, fine-tune, and create detection content, while actively monitoring for alerts.
Correlate activities across network, cloud, and endpoint environments to detect unauthorized access or attacks.
Research emerging threats and vulnerabilities to assist with incident detection and analysis.
Provide incident response support to end-users, taking steps to contain activities and supporting forensic investigations when necessary.
Conduct security standards testing on systems before implementation to ensure security compliance.
Review and enhance security incident response procedures, log analysis, threat intelligence processing, and related activities within the team.
Mandatory Qualifications:
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related discipline.
At least 3 years of experience in roles such as red team/incident responder, security engineer, or security operations analyst.
Knowledge of cloud security concepts and best practices, including security features of major cloud platforms like AWS, Azure, and GCP.
Experience with security automation tools and techniques to improve task automation and SOC efficiency.
Project management experience in deploying new security tools or establishing new security policies and procedures.
Proficiency in both written and spoken English.
Preferred Skills/Experience:
Strong decision-making abilities, with the skill to evaluate the costs and benefits of different actions and make appropriate choices.
Self-motivated individual capable of influencing others to adjust their opinions, plans, or actions.
Excellent problem-solving and troubleshooting skills.
Knowledge of various security domains, including identity, network, systems, endpoint security, SIEM, SOAR (Security Orchestration, Automation, and Response), and other security technologies.
Proficiency in Chinese.