Capgemini Security Lead - Cyber Services (Remote) in Massachusetts
Excellent analytical, problem-solving and decision-making capabilities
Excellent verbal, written and presentation communication skills
Experience in managing multiple projects, deadlines, and resources
Broad experience working in and/or supervising security operations
Experience working in a geographically diverse and fast-paced environment
Understanding of current information security challenges and solutions; industry trends
Experience leading cross functional teams, preferably as part of a global team
Extensive knowledge of security devices such as firewalls, intrusion detection systems, AV systems,
Understanding of ever-evolving Security information such as Threat Intelligence, IT vulnerabilities, Compromise methodology, and Indicators of Compromise.
Ability to explain findings to non-technical professionals and management and be able to work under pressure in time of critical or emergency situations with attention to detail and accuracy
Collaborate with other information security and IT professionals to develop and implement innovative strategies for monitoring and preventing attacks.
Lead the team in proactive monitoring, logging and alerting to analyze, correlate, and respond to cyber-attacks and threat intelligence, with the ability to define Risk and Compliance Dashboards.
Conduct research on emerging information security threats.
Develop programs and scripts for various security initiatives.
Create technical documentation around the content deployed to the SIEM.
Collaborate with SIEM engineers to develop the specific content necessary to implement security use cases and transform them into correlation queries, reports, rules and alerts from Checkpoint Firewalls, Security IDS, Symantec Enterprise Protection, etc.
Execute content management and change management procedures.
Identify emerging threat actors and track existing actors as their tactics, techniques and procedures (TTP) evolve.
Participate in after-hours on-call for Critical incident management.
Participate in technology remediation efforts through cross-functional teams and across business units.
Collaborate with the team on configuration, testing and integration tasks related to the SIEM platform.
Perform and guide forensic analysis in response to security incidents.
Plan for live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and compromised infrastructure components.
Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
Support and mentor other members of the team.
Help to troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
Nice to have skills
Master-Level understanding and hands-on experience in SIEM concepts such as correlation, normalization, aggregation and parsing.
Master-Level understanding of Cyber Security Operations, Incident Response processes
Master-Level understanding of enterprise logging standards, with a focus on application logging
Master-Level understanding of regular expressions and development of custom Parsers in SIEM
Master-Level in Intrusion Detection Systems and Analysis tools.
Experience in performing vulnerability assessments and penetration tests.
Ability to administer the operations of a security infrastructure.
Extensive experience in creating reports, rules, alerts and dashboards in SIEM.
Knowledge of networking, web related protocols, SIEM best practices, processes and workflows.
Experience in integration of email security on widely accepted email platforms
8-10 years of hands-on IT security experience with Security Incident Management and Security Operations (SIEM technologies, AV, IDS, IPS, Vulnerability Management)
Candidates should be flexible and willing to work across this delivery landscape, which includes, but is not limited to, Agile Applications Development, Support and Deployments.
Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
Click the following link for more information on your rights as an Applicant - http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law
A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2017 global revenues of EUR 12.8 billion (about $14.4 billion USD at 2017 average rate).
Visit us at www.capgemini.com. People matter, results count.
Organization: CIS US CORE
Title: Security Lead - Cyber Services (Remote)
Requisition ID: 060743