The first director of the Cyber ​​security detection will lead a team of engineers in the design, implementation and maintenance of advanced detection capabilities to protect the organization against emerging electronic threats. This pivotal role will enhance the exercise of electronic defense from the COX Automotive, allowing the rapid response to the threat and automatic treatment. The situation will be responsible for developing the detection engineering program strategy and setting standards to show continuous improvement. The ideal candidate will have knowledge of the expert level in the implementation of SIEM, the implementation of the record, the height, the response to accidents, and the intelligence of the threat that will depend on the data with verbal and written communication skills and strong leadership.

Cyber ​​security detection engineering:

• Define detection engineering strategy, road map, and goals to achieve.
• Design and implement advanced threat detection techniques using tools such as SIEM, EDR, NDR and Soar.
• Develop the innovative customized detection rules, automated therapy, playing writings and alerts designed to design a threat scene for institutions and customer security.
• Take advantage of the standard MITER work frameworks to determine the coverage of detection and closure gaps.
• Monitoring, improving and improving detection systems continuously for performance, expansion and effectiveness.
• It cooperates with the team to detect threats and respond to improving cybersecurity capabilities continuously in identifying and managing and responding to threats in the most efficient and effective way.
• The simulation test for the attack to verify the effectiveness of uses and purple cooperation exercises leads to cooperating with the weak MGMT team.
• It runs and maintains the management of Siem/Data Lake and recorded the infrastructure for swallowing in cooperation with cybersecurity engineering.
• Evaluation and verification of the health, control and sunset of the sun when necessary
• Maintains operational guidelines, graphs, and documents to detect safety and response.

Accident response support:

• Cooperation with the accident response team to ensure a rapid detection and contain electronic threats.
• Providing technical and guidance experience to develop cases of detection during high -quality security incidents.
• Improving detection and response continuously based on the lessons learned from accidents.
• Other duties may be set as needed to address new security threats facing the institution.
• Provides support outside the hour as needed for the security, discovery and response department.

The intelligence integrity of the threat:

• Take advantage of the intelligence of the threat to enhance the capabilities of detection and proactive mitigating the risks.
• Determine and analyze new and emerging threat tankers and integrate them into detection strategies.

Interest holders:

• Partner with cybersecurity, engineering and other products to align the disclosure strategies with organizational goals.
• The possibilities of detection and results continue to the stakeholders and non -technicians, including the executive leadership.

Governance and compliance:

• Make sure to adhere to all discovery and tools for regulatory requirements and industry standards (for example, GDP, PCI-DS, NIST).
• Create and maintain documentation of detection strategies, processes and configurations.

Professional technology skills (professional technology skills you need to be able to do this task)

The ability to:

• A busy record to build developed organizations that have the capabilities of universal threats.
• Technical efficiency for widespread security investigations; Including the end point, cloud, identity, network, and email threats.
• Working with internal information technology and external MSSPS to create and operate engineering use cases to detect WAF, DDOS, email systems, DLP, AV, and end point safety technologies.
• Practical experience with detection and response tools for network, finish points, clouds and identity as well as soar platforms.
• Application of security threat to determine new threat vectors.
• Project leadership to improve security monitoring capabilities and response capabilities.
• Show a strong background of security and architecture engineering to understand the best way to employ the most effective and efficient safety monitoring.
• Strong basics of Linux, MacOS and Windows operating system.
• Show effective communication of the security issues of the administration and others.
• Maintaining detection detection, SIEM composition and security standards.
• Efficiency creates and managing operational scales that increase team efficiency and quality.
• Entrance to the management and guidance of individuals who follow professions in detection engineering.
• The ability to manage effective relationships with organizational leaders, build a road map, and push extensive initiatives to end.
• Understanding the concepts of machine learning regarding predictive analyzes.

Knowledge, experience and qualifications

necessary:

• Bachelor’s degree in computer science or its equivalent and 8 years of industry -related professional experience. The right filter can have a different mix, such as a master’s degree and 6 years experience; PhD 3 years in a related field; Or 20 years of experience in a related field
• AWS multi -security experience, azure, GCP
• Knowledge at the level of experts in the detection of security operations
• 3+ years of expertise in management or leadership with direct management responsibilities
• Strong experience in information security, network security, security monitoring, and accident response.
• Strong experience in developing SIEM/Soar detection.
• Work experience with standard security techniques and services, such as threat intelligence, protection walls, SAS, IPS, end of the end point, DLP, Siem/Soar, and data lake data.
• Knowledge of experts on the attack killing series and diamond model.
• More than 5 years experience in responding to accidents or security operations
• 3 -year leadership experience in SOC or equivalent role
• You must live at a normal hills ny or Atlanta GA distance and be prepared to share 3X per week

desirable:

• GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA Certificate (S)
• Development/Dev Ops/Engineering/Network/System Management

USD 173,900.00 – 289,800.00

compensation:

Compensation includes a basic salary of $ 173,900.00 – 289,800.00 dollars. The basic salary may differ within the expected basic payment range based on factors such as the final location of the situation and the knowledge of the chosen candidate, his skills and capabilities. The situation may be eligible for additional compensation that may include the incentive program.

benefits:

The company provides qualified employees in spending a larger vacation with wages, as it sees it in line with their duties, the company’s needs and obligations; Seven paid holidays throughout the evaluation year; And up to 160 hours of paid wellness in exchange for wellness or family members. Employees are also qualified to obtain an additional paid vacation in the form of a bereavement, spend time to vote, the jury leave, volunteer vacation, military leave, and parents ’vacation.