Overview:
We are a leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor's "Best Places To Work".

Scope:
At the SOC, monitor, hunt and mitigate threats and events with our Incident Response process. The security analyst's core responsibilities include proactive detection, gathering threat intel, creating custom hunting rules, and creating processes and playbooks to mitigate identified threats. Leverage internal and external intel tools for early detection of attack vectors (IOC, IOA) both internally and externally, and safeguard BY's environment against threat actors. This team is 24x7.

What you'll do:
• Create processes and playbooks for threat hunting.
• Proactively look for suspicious or anomalous activity based on data alerts or data outputs from various toolsets.
• Strong understanding of administrative tools and how adversaries may leverage them to live off the land.
• Familiarity with adversary techniques and attack lifecycles (MITRE ATT&CK® matrix).
• Document remediation required based on input during incident handling or vulnerability identification.
• Communicate actionable threat intelligence to both technical and non-technical teams.
• Responsible for the validation and analysis of investigations within the Security Operations Center (SOC) analyst team.
• Responsible for completing the documentation of the investigation; determine the validity and priority of the activity and escalate to the senior SOC analyst team.
• Carry out Level 3 triage of incoming issues (initial assessment of the priority of the event, initial determination of the incident to establish risk and damage, or appropriate routing of security or privacy data requests).
• Provide communication and escalation throughout the incident per the SOC guidelines.
• Identify and manage a wide range of intelligence sources to provide a holistic view of the threat landscape and filter out noise to focus and execute upon actionable intelligence.
• Lead the development of actionable use cases to detect, triage, investigate and remediate based on the latest threat actor trends; support teams with the technical implementation of parsing log sources, and with creating, validating, and testing alerting queries to reduce false positives.
• Ensure that all security events and incidents (internal / external) are logged into ServiceNow and regularly updated and closed within the set SLAs.

What we are looking for:
• Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP
• At least 8-12 years of full-time experience within a Security Operations Centre (SOC) or incident response team
• Strong interest in information security, including awareness of current threats and security best practices
• Familiarity with system administration and security controls on Microsoft Windows and Linux
• Experience investigating security issues and / or complex operational issues on Windows and Linux
• Knowledge of email security threats and security controls, including experience analyzing email headers
• Experience analyzing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues
• Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues
• A relevant specialist degree (e.g., information security or digital forensics)
• Relevant information security certifications such as GCIH, GCIA, GSEC, CEH, Security+, SSCP
• Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
• Experience coordinating incident response, troubleshooting, or other complex issues across a global organization
• Familiarity with Salesforce Sales Cloud (CRM) or Service Cloud
• Experience with SIEM systems such as Splunk, AlienVault, QRadar, ArcSight or similar
• Knowledge of scripting and common web technologies (e.g., Python, Perl, Unix shell scripts, PowerShell, JavaScript)

Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success, and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report, which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.