Security Technical Lead

Ampcus Incorporated

Fort Mill, SC

JOB DETAILS
SKILLS
Analysis Skills, Audiovisual, Best Practices, Business Services, Change Management, Checkpoint Firewall, Communication Skills, Computer Security, Consulting, Content Development, Content Management, Cross-Functional, Detail Oriented, Email Security, Enterprise Protection, Event Correlation, Firewalls, Forensic Science, Identify Issues, Incident Management, Incident Response, Industry/Trade Analysis, Information/Data Security (InfoSec), Integration Testing, Internet Protocols, Internet Security, Intrusion Detection Systems, Intrusion Prevention Systems, Leadership, Local Area Network (LAN), Logfile Analysis, Mentoring, Mobile Devices, Multitasking, Network Debugging, On Call, Operations Management, Operations Security (OPSEC), Penetration Testing, Presentation/Verbal Skills, Problem Solving Skills, Project/Program Management, Regular Expressions, Reporting Dashboards, Reporting Skills, Research Skills, Risk, Scripting (Scripting Languages), Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Symantec Endpoint Security, Team Lead/Manager, Technical Leadership, Technical Writing, Time Management, Use Cases, Virtual Machine (VM), Wide Area Network (WAN), Wireless Communications, Writing Skills
LOCATION
Fort Mill, SC
POSTED
3 days ago

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

 

 

Job Title: Security Technical Lead

Location(s): Fort Mill, SC


Required Skills

  • Excellent analytical, problem-solving and decision-making capabilities.
  • Excellent verbal, written and presentation communication skills.
  • Experience in managing multiple projects, deadlines, and resources.
  • Broad experience working in and/or supervising security operations.
  • Experience working in a geographically diverse and fast-paced environment.
  • Understanding of current information security challenges and solutions; industry trends.
  • Experience leading cross-functional teams, preferably as part of a global team.
  • Extensive knowledge of security devices such as firewalls, intrusion detection systems, AV systems, spam systems, event correlation devices, log file analyzers etc.
  • Understanding of ever-evolving Security information such as Threat Intelligence, IT vulnerabilities, Compromise methodology, and Indicators of Compromise.
  • Ability to explain findings to non-technical professionals and management and be able to work under pressure in time of critical or emergency situations with attention to detail and accuracy.
  • Problem Solver - Set examples for the team, e.g. how to create an exec report, how to create a runbook that can withstand customer scrutiny.
  • Technical - Needs to be a hands-on technical expert in at least one or two cyber areas such as incident investigation, SOC and VM.
  • Good Analytics skills.
  • Understand the offshore model - Good communicator able to work with offshore teams.
  • Solutioning - Knowing when the customer requires a technology transformation and getting ahead of the ask, connecting the dots with our internal experts and solutioning team to shape the solution.

Detailed Job Responsibilities

  • Collaborate with other information security and IT professionals to develop and implement innovative strategies for monitoring and preventing attacks.
  • Lead the team in proactive monitoring, logging and alerting to analyze, correlate, and respond to cyber-attacks and threat intelligence, and define Risk and Compliance Dashboards.
  • Conduct research on emerging information security threats.
  • Develop programs and scripts for various security initiatives.
  • Create technical documentation around the content deployed to the SIEM.
  • Collaborate with SIEM engineers to develop specific content necessary to implement security use cases and transform into correlation queries, reports, rules, alerts from Checkpoint Firewalls, Security IDS, Symantec Enterprise Protection, etc.
  • Execute content management and change management procedures.
  • Identify emerging threat actors and track existing actors as their tactics, techniques and procedures (TTP) evolve.
  • Participate in after-hours on-call for Critical incident management.
  • Participate in technology remediation efforts through cross-functional teams and across business units.
  • Collaborate with the team on configuration, testing and integration tasks related to the SIEM platform. Perform and guide forensic analysis in response to security incidents. Plan for live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and compromised infrastructure components.
  • Understand Network, Wireless, Mobile Device, and WAN/LAN infrastructure device architecture and associated Security integration for proactive Threat Management.
  • Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
  • Support and mentor other members of the team. Help to troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.

Nice to have skills

  • Master-Level understanding and hands-on experience in SIEM concepts such as correlation, normalization, aggregation and parsing.
  • Master-Level understanding of Cyber Security Operations and Incident Response processes.
  • Master-Level understanding of enterprise logging standards, with a focus on application logging.
  • Master-Level understanding of regular expressions and development of custom Parsers in SIEM.
  • Master-Level understanding of Intrusion Detection Systems and Analysis tools.
  • Experience in performing vulnerability assessments and penetration tests. Ability to administer the operations of a security infrastructure.
  • Extensive experience in creating reports, rules, alerts and dashboards in SIEM.
  • Knowledge of networking, web related protocols, SIEM best practices, processes and workflows.
  • Experience in Mobile Device protection.
  • Experience in integration of email security on widely accepted email platforms.

Industry expertise

  • 6-8 years hands-on IT security experience with Security Incident Management and Security Operations (SIEM technologies, AV, IDS, IPS, Vulnerability Management).
 

Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.

About the Company

Ampcus Incorporated

Ampcus Inc is a global technology and business consulting firm specializing in Digital Transformation, Big Data, Analytics, Cyber Security, Testing, IV&V, Infrastructure Management and Enterprise Solutions. Ampcus Inc is an SBA 8(a) certified Women and Minority Owned global provider of a broad range of consulting services. From strategy to execution, our disciplined yet flexible approach starts and ends with our clients. By listening hard and working harder, their goals become our goals. We are an ISO 9000, ISO 20000, ISO 27000 and CMMi Level certified company.

Ampcus consultants have significant business, engineering and technology experience. Our consultants have over 20 years of business experience and an average of over 10 years of engineering and technology experience. This means that the project teams understand how systems work and how the technology impacts the business processes of organizations.

We believe that the success of an engagement is determined by strong project management, clear communication and mutual commitment to working collaboratively. Our methodology begins by listening to the customer's needs, then working with their teams to gain a clear understanding of the requirements, while providing a knowledge transfer of best practices for the organization. As a recognized leader providing customized software services, management and engineering solutions to companies around the world, our ability to deliver is a "granted" that makes companies put their trust in us to answer their day-to-day business challenges and put them on a path for greater success. We are the choice for our clients because we look at our clients' business from a growth perspective.

Industry: Information Technology and Services

Specialties: Digital Transformation, Big Data and Analytics, Infrastructure Management Services, Testing and IV&V, Cyber Security, Active Directory and E-mail Infrastructure, Project Management, Training, and ERP, CRM, EAI, BI

COMPANY SIZE
500 to 999 employees
INDUSTRY
Staffing/Employment Agencies
WEBSITE
http://www.ampcus.com