AVP, Detection Operations (L10)
Hyderabad IN, India
Synchrony
Job Description:
Role Title: AVP, Detection Operations (L10)
Company Overview:
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
Synchrony celebrates ~51% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.
We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.
Organizational Overview:
This role resides in the Security Automation and Detection Operations organization, which is a global team responsible for streamlining security events through automation and optimizing detection development. This team partners closely with Technical Intel, JSOC, and other partners to develop and deliver high-fidelity security alerting to protect Synchrony from cyber threats.
Role Summary/Purpose:
The AVP, Detection Operations candidate is responsible for managing and optimizing Splunk ES (Enterprise Security) to enhance security operations and threat detection. Responsibilities include managing Splunk Mission Control to improve incident response workflows. Key duties include building and maintaining Splunk ES data models, assets, and identities to improve analytics, entity correlation, and security posture. The role requires developing and managing alert actions to automate and optimize threat detection and response processes. Additionally, this position involves leveraging CDLC pipelines to facilitate detection logic integration. Automated validation of logs and detection logic is also essential to ensure accuracy and reliability in threat detection and response. This role requires a combination of technical expertise in Splunk ES, security operations, and automation to enhance system performance, ensure timely response to security incidents, and drive efficient security analytics.
Key Responsibilities:
Splunk Mission Control: Develop and manage Splunk Mission Control to enhance incident response capabilities and streamline security operations.
CDLC Pipelines / Detection as Code: Employ CDLC pipelines to expedite and integrate detection logic across systems.
Automated Validation: Develop automated validation mechanisms for critical logs and detection logic, ensuring high accuracy and reliability in threat detection.
Required Skills/Knowledge:
Bachelor's degree with 4+ years of experience in Information Security along with Splunk ES, or, in lieu of a degree, 6+ years of experience is required.
4 years of Splunk ES Administration: Expertly manage the overall administration of Splunk ES, ensuring optimal performance, scalability, and reliability of the system.
4 years of Splunk Search Processing Language (SPL): Proficiently utilize Splunk SPL for querying, analyzing, and visualizing data to inform timely security decisions.
4 years of Data Models: Build, manage, and effectively leverage Splunk ES data models to enhance data analytics, security insights, and detection logic.
Assets & Identities: Construct and manage comprehensive Splunk ES assets and identities, ensuring accurate security posture and entity correlation.
Alert Actions: Develop, manage, and leverage Splunk ES alert actions to automate and optimize threat detection and response processes.
Programming Expertise: Utilize Python and HTTP client programming to integrate and automate security solutions efficiently.
Desired Skills/Knowledge:
Previous experience working with or in SOC and Incident Response programs.
Experience working in organizations that leverage agile methodologies.
Experience working in cloud environments (AWS/Azure).
Eligibility Criteria:
Bachelor's degree with 4+ years of experience in Information Security along with Splunk ES, or, in lieu of a degree, 6+ years of experience is required.
Work Timings: 3pm to 12am IST
This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.
For Internal Applicants:
Understand the criteria or mandatory skills required for the role before applying.
Inform your manager and HRM before applying for any role on Workday.
Ensure that your professional profile is updated (fields such as education, prior experience, other skills); it is mandatory to upload your updated resume (Word or PDF format).
Must not be on any corrective action plan (First Formal/Final Formal, LPP).
Only L8+ employees who have completed 18 months in the organization and 12 months in their current role and level are eligible.
L08+ employees can apply.
Grade/Level: 10
Job Family Group:
Information Technology