Advanced Cyber Threat Services (ACTS) Lead

Singapore, Singapore

Job Description

Job Title: Advanced Cyber Threat Services (ACTS) Lead

Role Overview: As a Lead of the Advanced Cyber Threat Services team, you will serve as an escalation point and subject matter expert for Trellix's Advanced Cyber Threat Services offerings. Your experience and knowledge will play a critical role in developing and implementing strategies to secure Trellix's customer and employee data across the globe.
We are looking for an experienced, well-rounded cyber defender interested in staying up to date with current and emerging cyber threats. This role will involve the candidate having working experience in Incident Response, Red Teaming, Threat Hunting, and delivering training to global customers along with leading the Advanced Cyber Threat Services Team in the region.

Role Responsibilities:

  • Define and implement the overall strategy for ACTS
  • Manage operations plans, staffing, and execution.
  • Build maturity plans to help grow and scale the business.
  • Manage project delivery resources.
  • Plan and lead projects to a successful conclusion. This should include project profitability (P&L), resource management, and governance.
  • Shape projects of varying size and complexity for our Large Enterprise customers.
  • You'll proactively manage leads and approve requests for consulting.
  • Qualify opportunities to ensure the correct solution approach and expert resources are assigned as necessary.
  • Manage pipeline and forecast deals.
  • Create the Statement of Work documents, and underlying P&L
  • Identify delivery team - PM, partners, architects, and consultants.
  • Provide a point of contact for Consulting issues and queries.
  • Engage and assign key resources for project delivery, including suitable Project Managers and approved partners.
  • Act as management and escalation point for projects.
  • Attend project governance meetings where appropriate to support the project and PM.
  • Lead Emergency Incident Response (EIR) / Red Teaming, Threat Hunting & Training engagements and guide clients through various incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations). Guide tactical and strategic response and remediation recommendations.
  • Lead or play a critical role in incident response scenarios.
  • Ability to handle stressful situations and think on your feet
  • Ability to adapt and apply Containment, Mitigation, and Remediation concepts based on TTPs.
  • Perform live response, malware analysis, volatile data collection, and analysis on hosts and/or network data.
  • Correlate and analyze Windows and Linux to identify Indicators of Compromise (IOCs).
  • Strong in Network Forensics (TCP/IP networking) / Traffic analysis, Digital Forensics
  • Ability to examine firewall, web, database, and other log sources to identify evidence of malicious activity
  • Leverage various forensics tools, including EnCase, FTK, X-Ways, SIFT/open source, Splunk, and other tools to determine the source of compromises and malicious activity in client environments.
  • Display an understanding of security best practices, security gap assessments, penetration testing / Cyber Kill Chain, NIST, etc.
  • Perform vulnerability assessments to identify security issues in client environments.
  • Have performed SOC assessments and other proactive services (Tabletops/Purple Teaming etc.)
  • Strong working knowledge of security-relevant data, including network protocols, ports, and common services, such as TCP/IP and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, Active Directory, etc.)
  • Experience or familiarity with programming in at least one of the following: Python, PowerShell, Bash, Shell Script, Batch, and VBScript would be beneficial
  • Deliver professional consulting services across the Professional Services portfolio, with the ability to manage multiple deliverables simultaneously, if and when required
  • Able to learn from and collaborate with our close-knit group and contribute your thoughts, tools, industry news, or lessons learned.
  • Ability to speak with C-Level and management personnel about the engagement or service provided.
  • Travel requirement of around 40%, as and when required.
Additional Experience Desired
  • Experienced in managing large and complex client environments and meeting their business requirements by evaluating their security controls, architecture, and operations against industry best practices
  • Assess and develop risk management/mitigation controls and strategies via technical testing and conducting risk assessments, and developing actionable remediation guidance.
  • Have performed IR/SOC Gap Assessments and Development
  • Basic understanding of the Trellix product suites, sufficient to discuss intelligently with clients how the ACTS Services can support and be supported by Trellix technology and solutions at a high level.
  • Understanding of how to develop engagement scoping and proposals and make customer presentations
Typical Minimums:
  • Bachelor's/Master's degree from an accredited college in a related discipline, or equivalent experience/combined education; minimum 9-10 years of consultative, IR/forensic, and security experience, as above.
  • One or more of the following technical certifications or equivalents: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE, or similar
Company Benefits:

We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work daily. We offer a variety of social programs, flexible work hours, and family-friendly benefits to all our employees.
  • Pension and Retirement Plans
  • Medical, Dental, and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement
We're serious about our commitment to diversity, which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Job Detail

  • Job Id
    JD1230302
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned