Lead SOC Services - Incident Response

What you'll do:

Identify and analyze cyber threats / incidents as part of Eaton's Cyber Security Incident Response Team (CSIRT). Play a key role in the Prevent, Detect, respond strategy to protect Eaton's intellectual property and brand in a highly complex, global, multi-technology, regulated and diversified business environment.

Responsible for the health and engineering services of security tools, investigating, analyzing, containing and remediating any potential cyber threat, or cyber security incident that could impact the organization.

• Provide Eaton with 24/7/365 (on-call rotation) cyber security incident response service with a focus on responding, containing, remediating and recovering cyber incidents across the organization.

• Respond, investigate, and resolve information security issues, following compliance and investigative standards
• Manage and coordinate response to any malicious cyber activity inside or against Eaton's assets.
• Work alarms, cases or incidents from the Level 1 SOC analysts, perform in-depth analysis and triage of threat activity
• Executes ITSM processes (Change, Request, Incident, Problem management) on technical IT systems at the component level
• Perform Threat Hunting based on emerging IOCs or vulnerabilities
• Develop, Refine and maintain incident and alarm rules to focus detection operations
• Develops and Refines operating procedures to improve efficiency and effectiveness of incident response, e-discovery, internal investigations
• Execute activities to eliminate malware, advanced persistent threats within a remediation event
• Execute project tasks to enhance IT Cyber Security capabilities
• Responsible for Security Engineering Services to include deployment, management, and updating of security stack.
• Responsible for developing advanced queries, detections, and automation to enhance the organization's security posture and detection capabilities .
• Improve and enhance detection capabilities to identify insider threats and build Zero Trust foundation"

Qualifications:

• Bachelor's degree in a technical discipline with 3+ years of relevant experience in cybersecurity.

Skills:

• Experience in security operations, cyber security incident response, vulnerability management or IT operations
• Experience in correlating events from multiple sources to detect suspicious and/or malicious activity.
• Working knowledge of a broad range of current IT platforms and technologies.
• Understanding of TTPs, MITRE ATT&CK framework
• Understanding of operating systems, applications, infrastructure, and cloud computing services.
• Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies.
• Understanding of Cyber Security with relevant work experience and/or relevant certifications.
• Understanding of common threats, penetration/intrusion techniques and attack vectors.
• Strong analytical and problem-solving skills

• Excellent proficiency with the English language (written and verbal). Strong analytical and problem-solving skills. Ability to communicate effectively across all levels of the organization

• Project management skills: Strong project management, multitasking, and organizational skills.