Blue Squad Leader

Introduction

The Blue Squad Leader provides cross-disciplinary and cross-platform leadership of TDR operations to achieve the client's security objectives and optimal technical outcomes. The Blue Squad Leader serves as a highly specialized extension of the client's security apparatus to optimize the full spectrum of TDR capabilities: threat insight, prevention, detection, response, and recovery.

Your Role And Responsibilities

• Establish and maintain an intimate situational awareness of the client's security organization, objectives, decision-making, posture, and threat landscape to guide TDR operations.
• Provide internal, technical leadership of TDR operations to optimize the overall service and SIEM/EDR environments, ensure the implementation of best practices and client feedback, and drive the resolution of risks and issues.
• Analyze TDR operational metrics and KPIs for risks, issues, and opportunities to recommend actions to advance the overall service and the client's security posture.
• Lead weekly reviews with the client to maintain operational alignment, facilitate service delivery, and close feedback loops.
• Analyze and brief TDR operational metrics and KPIs included in periodic reviews owned by the SSAM.
• Internally align TDR operations with the client's security program maturity roadmap established in collaboration with SIOC.
• Capture TDR operational training gaps, platform requirements, and solution and support requirements exceptional to the contracted service, communicate to the appropriate IBM owners, and champion resolution.
• Participate in the evaluation and implementation of custom reporting requirements to tailor TDR operational reviews and the client's visibility to their security program objectives.
• Enhance TDR operational support to high severity Security Incidents by facilitating internal, operational communications and conducting post-recovery reviews to identify TDR lessons learned. Develop and track action plans to address TDR lessons learned.
• Review X-Force Red penetration test reports to identify IBM lessons learned. Develop and track action plans to address TDR lessons learned.
  
  

Preferred Education

Bachelor's Degree

Required Technical And Professional Expertise

• Technical leadership of personnel in the Cybersecurity field – 3 Years
• Direct experience working in a client-facing role interacting at multiple levels from security engineers and analysts to Managers, Directors and VPs – 3 Years
• Network/system traffic/event analysis – 5 Years
• Threat analysis experience – 5 Years
• Experience with SIEM platforms – 5 Years
• Active CompTIA Security+ or equivalent certification
  
  

Education

• Required: B.S. in Computer Science, Information Security, or related field
  
  

Preferred Technical And Professional Experience

• Experience delivering IBM Managed Security Services
• Experience in multiple technical roles within a SOC (Threat Monitoring Analyst, SIEM Administrator, Security Correlation Engineer, Escalation Engineer, Threat Intelligence Analyst, etc.)
• Experience with tools such as SOAR (Resilient), Vulnerability Management (Qualys), AV/End Point (Trend Micro, McAfee ePO)
• Experience with firewalls and intrusion prevention/detection systems, including the ability to demonstrate a mature understanding of networking best practices
• Experience with security compliance related to FISMA, NIST, and related security and risk management regulations
• Experience with Linux and Windows operating systems
• Active CompTIA CySA+, GIAC Certified Intrusion Analyst (GCIA) or equivalent certification
  
  

Education

• Preferred: M.A/M.S. in Computer Science, Information Security, or related field