Full-time
Cyber Security Operations & Incident Response Lead - Minerals Technologies Inc - Bethlehem, PA

Job details

Job Type: Full-time
Number of hires for this role: 1
Qualifications: Bachelor's (Required); Cyber Security: 5 years (Preferred)

Full Job Description

Minerals Technologies Inc. (MTI) is a resource- and technology-based company that develops, produces and markets worldwide a broad range of specialty mineral, mineral-based and synthetic mineral products and related systems and services. The Company has four reportable segments: Specialty Minerals, Performance Materials, Refractories and Energy Services.

MTI provides a business environment and promotes a culture that encourages all employees to contribute to our success. We have long been committed to the recruitment and advancement of the most talented and qualified people. We recognize that MTI's ability to provide the highest caliber of products and services is enhanced by a workforce that reflects the diversity of the communities and countries in which we work.

We currently have an exciting opportunity for a Cybersecurity Operation & Incident Response Lead at our Bethlehem, PA location. The Security Operations and Incident Response Lead will report to the MTI Cyber Security Manager. This role is highly technical as the day-to-day oversight and escalation point for the Security Operations Center (SOC) [currently outsourced]; it requires a holistic depth of knowledge across the security technology tool stack as well as hands-on keyboard experience and the ability to work collaboratively across the organization. The SO&IR Lead will be expected to mentor and share security knowledge across the SOC team and the organization. The position provides a great opportunity for advancement. You will need to represent the SOC in front of application owners, executives, and other key stakeholders across the organization to communicate both security gaps and operational improvements.

You will work to develop, maintain, and report on procedures to detect and respond to information security incidents, as well as lead complex security investigations. The SO&IR Lead will perform tasks including monitoring, research, classification and analysis of security events that occur on the network or endpoint. Since the SOC has been fully outsourced, the SO&IR Lead will be the recipient of alerts so they can be investigated, qualified, triaged, and resolved in a timely manner. The Incident Response Lead should have expert familiarity with the principles of network and endpoint security, current threat and attack trends, an expert understanding of the OSI model, and extensive experience in the application of defense-in-depth strategies.

Position Details:
- Keeps abreast of industry trends and current emerging risks.
- Assess scope and severity of escalated alerts and effectively communicate to the Cyber Security Manager.
- Serve as escalation point to provide thorough analysis of risks, vulnerabilities, and security incidents.
- Lead response to IR activities across multiple internal teams, including infrastructure, network, endpoint, Managed SOC, and incident response; enforce incident response SLAs.
- Investigate security events forwarded from Level I & II Analysts and client for security risk.
- Serve as Security Incident Response Team Lead (when necessary).
- Conduct detailed security event analysis from network traffic attributes and host-based attributes (binary analysis, etc.) to identify information security incidents.
- Proactively search for and respond to security events and incidents from SIEM, Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
- Review lessons learned from previous incidents.
- Coordinate with Cyber Threat Intelligence and Vulnerability Assessment teams to assess real-world risk.
- Keep up-to-date on ongoing threat risk trends as well as common advanced persistent threat (APT) actors.
- Identify strategic and operational SOC improvements and communicate those effectively to management.
- Collect and analyze SOC metrics as well as coordinate feedback with the Cyber Security Manager.
- Develop best practices around investigations and incident response.
- Develop and adjust SIEM rules and analyst response procedures.
- Document actions in cases to effectively communicate information internally and to the Managed SOC.
- Provide documentation and project support.
- Perform system maintenance and maintain current documentation.
- Provide resolution plans for system and network issues.
- Respond to inbound requests via phone and other electronic means for technical assistance.
- Responsible for other duties as assigned.

Other Duties & Responsibilities:
1. Other duties as assigned.

OE/Lean:
1. Actively participates in the implementation of sustainable improvement processes, such as 5S, Kaizen, Total Productive Maintenance (TPM), Daily Management Control, Standard Work and Problem Solving.
2. Manages individual employee involvement in continuous improvement activities to ensure equal opportunities are available for all department members to participate and contribute.

Note: Management reserves the right to assign or reassign duties and responsibilities to this job at any time.

Qualifications/Requirements

The requirements listed in the sections that follow are representative of the knowledge, skills and/or abilities required to perform the duties of this job. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions (primary duties) of the job.

Education: Bachelor's Degree required. Concentration in computer science, computer engineering, or information systems with emphasis on IT/Information/Cyber-security preferred.

Experience: Minimum of 5+ years of experience in information services with 5 years of demonstrable and progressive experience operating in the incident response and handling domains. Requires an in-depth understanding of Information Security practices for network, servers, databases, and applications, and advanced use of incident response and handling techniques.

Skills and attributes for success include the following:
- Personal and Operational Leadership to lead a highly technical team.
- Information Security Principles, Technologies, and Practices.
- Proven experience with multiple security event detection platforms.
- Expert understanding of TCP/IP networking to perform network analysis to isolate and diagnose.
- Expert understanding of IDS/IPS rules to identify and/or prevent malicious activity.
- Excellent written and verbal communication skills required. Must be able to communicate technical details clearly.
- Integrity in a professional environment.

Minimum of 5 years of experience in one or more of the following:
- Working in a Security Monitoring/Security Operations Center (SOC) environment.
- Experience investigating security events, threats and/or vulnerabilities.
- Experience leading and directing security incident response.
- Experience with a variety of operating systems including Windows, Linux or UNIX in a functional capacity.
- Understanding of electronic investigation and log correlation.
- Proficiency with the latest intrusion detection platforms; working knowledge of Linux and/or Windows systems administration (including AD).
- Understanding of well-known protocols and services, e.g., FTP, HTTP, SSH, SMB, DAP.
- Understanding of routing principles and networking fundamentals: Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep).
- Scripting or programming (Shell scripting, Python, PowerShell, Perl, Java, etc.).

Should have a detailed understanding of the technologies below.

Desired skills:
- Previous leadership experience as a team lead or supervisor.
- Experience working with SIEM [QRadar], Antivirus [McAfee], Endpoint Detection and Response (EDR) [McAfee, Carbon Black, and Crowdstrike], Log Aggregators, and Incident Response Management solutions.
- Experience managing standards, developing Security Operations Process, reporting and dashboards.
- Automation experience on Phantom, Demisto, or other SOAR tools.
- Forensic experience (1-2 years), especially around in-memory attacks.
- Reverse malware engineering experience (1-2 years).
- AWS, Azure and Google Cloud Platform (GCP).

Certifications (Desirable):
- SANS/GCIH, OR
- CISM (Certified Information Security Manager), OR
- Certified Information Systems Security Professional (CISSP), OR
- CompTIA Security+

Other related certifications such as SANS/GCIA, SANS/GCFA, SANS/GCIH, SANS/GCFE, SANS/GIAC, SANS/GSEC are preferred, but not required. Knowledge of a Cybersecurity Framework (e.g. NIST CSF, ISO27001) would be desirable.

Other Desired Experience:
- Master's degree in computer science, information systems, engineering, business administration or a related field is preferred, but not required.
- Strong understanding of information security and the relationship between threat, vulnerability and information value in the context of risk management.
- Ability to gather, analyze and interpret business drivers and develop practical security solutions that provide adequate security to support the business.
- Possess a good understanding of appropriate leading-edge technologies.
- Known to relevant technology companies as a thought leader around security, privacy and supporting technologies.
- Extensive experience working across a diverse and inclusive team environment with a strong commitment to respect, equality and teaming.

Critical competencies for success:
- Leadership skills: Must have the proven ability to lead the development, planning, coordination, and monitoring of security operations and incident response solutions and programs, and be a key part of the overall leadership for all aspects of information security. This leader will be known as a collaborative and influential executive who can serve as an effective member of the executive management team at MTI. This leader will be known as a collaborative individual who can serve effectively as an active contributor at MTI. Must be able to communicate effectively regarding security, privacy, risk, compliance, strategy and the required investments to technologists and business personnel.
- Security knowledge: Able to draw upon proven experience to recommend and gain buy-in to numerous information security policies and solutions. He/she will be able to provide leadership by demonstrating subject matter expertise. This individual is able to represent the interests of the organization and gain support from stakeholders.
- Ability to deliver: This individual will have the proven ability to contribute solutions to large, complex projects across various business and functional departments as they pertain to risk and security matters. He/she can create a positive and productive mindset with solutions to meet clear objectives, goals and effective processes.
- Project, Program and Portfolio Management: This individual must have a solid foundation of program and project management in past initiatives. The individual must have experience in leading and directing a portfolio of projects and initiatives in both a project and a sustained operational capacity.

Travel: Travel to other work sites may occur.

Knowledge, Skills & Abilities: Candidate must have a well-developed business understanding, working knowledge of customer requirements and demonstrate a balance between analytical and creative thinking. Candidate must also be a self-starter who seeks responsibility and is able to work with minimal direction. Candidate must have demonstrated a willingness to challenge conventional ideas, be flexible and innovative, be able to function effectively in a team environment, and possess superior analytical and problem-solving skills. Candidate must be proficient in personal computers and related databases. Computer skills required include knowledge of spreadsheet, database and word processing software on PC-based systems. Candidate must possess excellent organizational and communication skills. Candidate must possess strong interpersonal skills and have the ability to communicate.

While performing the duties of this job, an employee is typically required to have the ability to coordinate movements, regularly stand, walk, bend, squat, climb, reach, crouch, and kneel during a work shift, have manual dexterity, select and use appropriate equipment/tools to accomplish job duties, read, write, listen, speak and understand English, follow all instructions and other oral/written information, visually inspect equipment/work area, complete paperwork and other documentation accurately, identify, analyze, troubleshoot and solve issues using judgment, react quickly as needed, be organized and detail oriented, be able to identify/judge the urgency of a situation, use judgment in decision making, make decisions in a timely manner, manage multiple priorities, communicate effectively with others, be aware of oneself in relation to surrounding equipment, and work independently. Ability to instruct/transfer job information/knowledge to others is preferred.

The employee is expected to be self-directed, take initiative and be persistent when appropriate to accomplish necessary duties and keep busy without prompting. Additionally, the employee is expected to be adaptable/flexible to changing work assignments, have a high level of integrity, dependability and self-control to maintain composure, perform multiple tasks at once, learn and memorize procedures, manage time effectively and efficiently, meet established deadlines, display a cooperative demeanor, read, understand and follow all company, job-specific and safety policies/procedures, and attend/use all required training. Ability to travel is required.

Work Hours: Must have the ability to work the shift/number of hours in which duties need to be accomplished, including overtime, holidays and weekends, as necessary. Call-ins may occur as needed.

Safety Training: A new employee hired to perform the duties of this position is required to be provided New Employee Training by a qualified individual or through the online training system. Additionally, an employee must be provided further training if a job duty/task has changes that will affect the health and safety aspects of that employee's position. Additional refresher safety training will be required as management deems appropriate or as dictated by government regulations.

Equal Opportunity Employer
www.mineralstech.com

Job Type: Full-time

Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Disability insurance
- Employee assistance program
- Health insurance
- Life insurance
- Paid time off
- Vision insurance

Schedule: Monday to Friday
Education: Bachelor's (Required)
Experience: Cyber Security: 5 years (Preferred)
Work Location: One location
Work Remotely: Temporarily due to COVID-19