Client: LyondellBasell Acetyls, LLC
Position: Lead Threat and Forensics Engineer
Location: 1221 McKinney St Ste 700, Houston, TX 77010-2045
Duration: Full Time/Direct Hire
Lead Threat and Forensics Engineer - Full Time/Direct Hire
The Lead Threat & Forensic Engineer leads the forensics and monitoring of an enterprise-wide threat, incident and security analytics management function for LyondellBasell, protecting against intrusions such as targeted threat actors, malware, hacking attempts and other forms of cyber-attack. Primary responsibilities are leading computer forensics and attack resistance through threat intelligence and incident and event monitoring. Additionally, this role leads efforts to automate, integrate, and aggregate the data and systems needed to perform that analysis quickly and accurately. This role will be a security evangelist and drive company-wide changes to discover and remediate weaknesses.
RESPONSIBILITIES AND ACCOUNTABILITIES:
· Manage, operate, and maintain the SIEM and Security Analytics systems along with security monitoring tools used for intrusion analysis and incident response
· Lead and support computer forensics and investigations
· Regularly analyze LyondellBasell's intrusion resistance and lead efforts to improve it through automation, integration, and aggregation.
· Refresh and develop new threat intelligence, detection, and hardening strategies.
· Provide information protection expertise to Information Technology operational teams to ensure systems are properly protected and monitored.
· Evangelize security within LyondellBasell and drive the changes needed to respond to emerging threats
· Analyze cyber threat data and correlate it with the existing understanding of cyber threats impacting LyondellBasell's environment
· Profile new and emerging threats to the IT landscape
· Improve internal investigation capabilities through tool building and training.
· Serve as the technical subject matter expert to the event response team, providing mentoring to other team members as needed
QUALIFICATIONS:
· 5+ years of progressive experience in computing and information security, including experience with information security tools and technology.
· Extensive experience with SIEM technology including regular maintenance and tuning
· Experience with SIEM content development such as correlation rules, filters, lists, views, and reports
· Experience with Security Analytic technology and how it is used for security analysis
· Experience dealing with targeted attacks
· An understanding of commonly used targeted attack techniques, tactics, and procedures
· Strong general IT and INFOSEC background including cryptography and network/systems/physical security
· At least 3 years of performing information security incident response
· At least 3 years leading an operations staff
· Solid scripting abilities (Perl, Python, Shell, etc.)
· Deep subject matter expertise of network-based and system-level attacks and mitigation methods
· Expertise with forensic tools, log analysis, and developing custom scripts/functionality as needed
· Excellent verbal and written communications skills including forensics reports and investigation summaries
· CISSP, CCNA, or other recognized security certification desirable
· Bachelor’s degree in computer science, information systems, or related field or comparable work experience
· Strong analytical and interpersonal skills
· Intercultural competence
· Law enforcement experience a plus
Digital Intelligence Systems (DISYS)