Information Security Senior Advisor (Team Lead)

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

This role will function as a SOC Analyst Team Leader. You will receive alerts and respond to activity within the client's environment detected by SecureWorks Managed Security Services. In this position you will oversee the daily tasks and deliverables handled by InfoSec Team and contribute to the investigation of high alerts, determining the source of the threat, the extent to which client assets have been compromised, making recommendations for remediation, and assisting in the implementation.

Job Responsibilities:

• Continuously exercise processes and utilize tools to maintain familiarity and identify improvement opportunities
• Participate as an SME in strategy setting of the InfoSec team to confirm if new suggestions for service will work and help identify gaps as team capability evolves
• Define, implement, improve team processes and procedures ensuring a unified delivery
• Represent team in Critical Situations, pre-sales activities, marketing events (internal/external summits, webinars, workshops), customer meetings, etc. 
• Work with Operational leadership for interviewing new security analysts’ candidates, acts as a mentor, working side by-side with other personnel in an advisory, support and training role
• Prepare operational governance reports and present them to the business stakeholders and client representatives 
• Define, collect, and monitor appropriate quality assurance/SLO metrics for reporting to senior leadership and tracking team performance
• Propose and review team training plans and facilitate career development for engineers of all seniority levels
• Overseeing and performing daily operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM tools, network and host based IDS, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases

Skills:

• Great leadership and coaching skills  
• Communication - The ability to make themselves well understood by others through the capacity to clearly and convincing express his point of view, to actively listen and control the conversation flow)  
• Risk assessment and decision making -The ability to analyze within reason facts and situations, decision making, evaluating consequences of others and undertake acceptable risks 
• Influencing - the ability to convince others of his/her opinions and determine them to follow 
• Task management and planning - The ability to effectively set an adequate action plan for himself/herself and for others, in order to reach a goal

Essential Requirements

• 5+ years of Information Technology experience with network technologies (CCNA, JNCIA certification are desirable)
• Experience around SIEM processes, monitoring & collecting, escalation strategies, data source normalization, event reduction, threshold tuning, alert triggers, threat Intelligence, threat modeling, triage
• Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, intrusion detection systems, system logs)
• Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management

Desirable Requirements:

• Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc.;
• Previous experience in adjacent areas such as, Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, IT Helpdesk support
• Performing both endpoint and network-based investigations 
• Reviewing logs to identify evidence of past intrusions 
• Pivot off indicators within networks to identify the scope and breadth of attacks 
• Malware and exploit kit functionality 
• Operating system and application exploits 
• Lateral movement, living-off-the-land, and persistence establishment mechanisms 
• Detection of anomalous system activity 
• Threat hunting methodologies 
• Incident response and incident handling processes

Secureworks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.