POSITION MISSION
The Detection & Response Team Leader, reporting to the Group CISO, is responsible for safeguarding the company's cloud and on-premises infrastructure through a range of technologies and processes to prevent, detect and manage security threats.
RESPONSIBILITIES
Collaborate effectively with all colleagues, support VIP requests and lead the evolution of detection and response capabilities.
Respond to security incidents by investigating them and mitigating their impact.
Manage teams and professionals, including third-party providers (e.g., SOC providers).
Enhance SIEM detection by implementing use cases and playbooks.
Support the deployment and configuration of security tools (EDR, CASB, DLP, anti-spam, SIEM, SOAR).
Participate in the vulnerability management process to monitor, identify and assess security vulnerabilities.
Collaborate with the IT department to secure IT/OT implementations.
Communicate effectively with stakeholders, and design and author technical documents, including RF* (Request for *) documents.
Define training and development paths for team members.
Establish and manage budgets for Detection & Response requirements.

TECHNICAL SKILLS, QUALIFICATIONS AND PROFESSIONAL EXPERIENCE
3+ years of Blue Team experience or, preferably, substantial experience as a SOC Manager or Team Leader.
Excellent teamwork abilities, strong organizational skills and a talent for building positive relationships with colleagues.
Solid knowledge of network fundamentals and protocols (e.g., the ISO/OSI stack, TCP, UDP, IPsec, SSL VPN, HTTPS, SSH).
Proficiency in high-level scripting and query languages (Python, KQL, Bash, PowerShell) to automate security operations and develop detection rules.
Experience analyzing data from SIEM, TIP or similar platforms (e.g., MISP, YARA rules, Sigma rules, threat hunting).
Familiarity with Windows Active Directory, Azure Active Directory, hybrid environments, Intune MDM, Defender 365 and Tenable.
Knowledge of penetration testing methods, techniques and tools.
Understanding of cloud security (Azure) and Zero Trust methodologies is a plus.
Familiarity with the MITRE ATT&CK and Cyber Kill Chain frameworks.
Preferred certifications: Microsoft SC-900, SC-200, SC-100, AZ-500; CISSP, CISM.
Public speaking skills and experience with and active contribution to open-source projects are advantageous.

We support gender equality and promote a fair and inclusive environment. We welcome applications from anyone regardless of background, recognizing the value of diversity in our workplace.
Our selection process is based on the fundamental principle of promoting professional equality and non-discrimination on the grounds of gender, age, ethnicity, nationality, disability, religion, sexual orientation, marital status, or membership or non-membership of trade union or political organizations.