Vacancy caducado!
Lead Cyber Incident Responder (Remote)
Do you enjoy being part of a successful team?Do you like working in collaborative teams and solving technical problems?Join our Digital Technology Team!Our Digital Technology business provides intelligent, connected technologies to monitor and control our energy extraction assets. We provide customers with the peace of mind needed to reliably and efficiently improve their operations. Our team creates business value through continuous improvement in up-time, resilience, performance, time to market, security and compliance.Partner with the bestAs a Sr. Staff Incident Responder, you will provide prevention, detection, response, and remediation activities to ensure information assets and technologies are adequately protected. This includes EDR, SIEM, AV, IDS/IPS and more. In this role you will provide guidance to junior analysts, work with technology teams to tune rules, and serve as an incident commander for cybersecurity incidents impacting the Baker Hughes environment.As a Sr. Staff Incident Responder, you will be responsible for:• Serving as an escalation point from junior analysts to provide triage and response guidance• Managing cybersecurity incidents, including identification, containment, eradication, and remediation• Assisting in the development of new use-cases in the SIEM alongside the Threat Detection Operations and Security Engineering teams• Developing processes and procedures for incident response to help standardize Detection & Response activities• Leveraging cyber threat intelligence indicators provided by the CTI team to help enrich detection and response• Performing threat hunting activities using data collected from within the Baker Hughes environmentFuel your passionTo be successful in this role you will:- Have at least 7 years of experience in cybersecurity, with a focus on detection and response to malicious activity using log data from systems, network devices, and security tools
- Have experience with core enterprise infrastructure and security-supported technologies including data protection elements such as DLP, tokenization, encryption, endpoint security, and perimeter protection such as firewalls or WAF, SIEMs, IPS/IDS, and managed security services
- Have scripting experience with Bash, PowerShell, or Python and the ability to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts
- Have experience developing detection logic for enterprise SIEM systems and with exploitation techniques and use case development
- Have experience writing procedural documentation (playbooks and runbooks) to serve as job aids for junior analysts
- Have experience with cybersecurity tools and software, E.g. Splunk, McAfee, CrowdStrike, Windows Defender, SELinux, Syslog, Palo Alto, and Cisco
- Have experience serving as a team leader for junior analysts, providing ad hoc guidance and more formal training
- Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
- Have strong oral and written communication skills Strong interpersonal and leadership skills
Vacancy caducado!