WarnerMedia seeks a Team Lead, Security Operations Center, for the Cyber Security team. The Security Operations Center Lead Analyst will be responsible for leading and managing a team of first responders who are tasked to detect, analyze, respond to, report on, and prevent cybersecurity incidents. The Team Lead will also be accountable for driving new detection rules into the sensors and establishing new rules based on active threats and suspicious behaviors. As Team Lead, this individual must be highly organized and able to manage a Security Operations team.
• Directly manage 5-7 SOC Analysts
</ggr_replace>
<gr_replace lines="7-7" cat="clarify" orig="• Document and communicate">
• Document and communicate technical findings in a case management solution
• Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.
• Perform analysis for security events as detected by various host and network-based tools
• Assist in the advancement of security policies, procedures, and automation
• Serve as the technical escalation point and mentor for lower-level analysts
• Document and communicate technical findings in case management solution
• Maintain a strong awareness of the current threat landscape
• Professionally communicate directly with end users, asset owners, and colleagues
• Bachelor's degree in computer science, cybersecurity, information technology, or related field OR technical security certifications preferred
• 5+ years of relevant experience or equivalent combination of education and work experience
• 1-2 years' experience as a people manager or lead analyst on a security team preferred
• Excellent analytical and problem-solving skills
• Ability to lead root cause analysis of problems
• The ability to learn new technology and concepts quickly
• Ability to manage multiple priorities in a high-pressure environment
• Experience with Splunk or other similar log solutions
• Proficient with Linux, Windows, and macOS operating systems and command-line usage for all three
• Knowledge of forensic evidence concepts
• Knowledge of exploits, vulnerabilities, malware families, and network attack vectors
• Knowledge of public cloud architecture and experience responding to security events, alerts, and incidents in the cloud
• Strong knowledge of web applications and APIs
• Scripting (Perl, Python, PowerShell, bash), RegEx, and PCRE experience
• Familiarity with static and dynamic malware analysis
• Knowledge of well-known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.)
• Experience performing log analysis from a variety of sources
Nice to Haves
• Experience with firewalls, Intrusion Detection Systems, and Endpoint Detection and Response solutions
• Experience with data analytics a plus
• Effective in collaboration with teams in remote offices
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels
Jobcode: Reference SBJ-d813p9-3-81-89-248-42 in your application.