Overview

You will own and implement the strategy of the detection operations program as well as establish metrics that demonstrate continuous maturity towards target state objectives. The ideal candidate for the role should have a strong background in SIEM operations, incident response, high interpersonal and leadership skills, be highly analytical and data driven, and have strong verbal and written communication skills.

What you'll bring

• Proven track record of building scalable organizations that have world class threat detection capabilities

• Experience managing both in-house and out-sourced detection teams

• Technical proficiency performing security investigations at scale; including endpoint, cloud, identity, network, and email threats

• Practical experience with Detection & Response tools for network, endpoints, cloud, and identity as well as SOAR platforms

• Hands-on experience with SIEM and Data Lake solutions (e.g., Splunk, Snowflake, S3)

• Expertise with query languages (SQL, SPL, BigQuery)

• Strong fundamentals of Linux, MacOS, and Windows operating system internals

• Deep understanding of attacker techniques, tools and procedures

• Understanding of cloud environments such as AWS, GCP, and/or Azure

• Proficiency creating and managing operational metrics that increase team efficiency and quality

• Experience working with security frameworks like MITRE ATT&CK or Lockheed Martin’s Cyber Kill Chain; ability to track and discuss an attack through the cyber killchain

• Ability to manage effective relationships with organizational leaders, build a roadmap, and drive broad initiatives to completion

• Enthusiastic about managing and mentoring individuals pursuing careers in security operations and incident response.

Preferred Skills

• Admin or Architect level knowledge of a SIEM (Splunk, Azure Sentinel, QRadar, etc)

• In-depth knowledge of security standard processes in large-scale environments

• Ability to navigate hard conversations and disseminate information to team members.

• Willingness and ability to accept responsibility and provide guidance to team members

• Effective organizational and planning skills, with the ability to successfully guide projects through to completion

• Experience with software development or security automation highly preferred

• CISSP or CISM certification preferred

• Hand on experience with AWS Cloud (AWS Solutions Architect level of knowledge)

  Required Education / Experience

• BA/BS degree or higher in Computer Science, Cybersecurity or equivalent work experience

• 5+ years’ industry experience in Incident Response or Security Operations activities

• 3+ years leadership experience in a SOC or similar role

How you will lead

• Define detection operations strategy, roadmap, and objectives

• Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours

EOE AA M/F/Vet/Disability. Intuit will consider for employment qualified applicants with criminal histories in a manner consistent with requirements of local law.