Posted 3 weeks ago

Threat Investigation Team Lead

Company: Sentinel Technologies
Category: IT

Location: Downers Grove

Type: Full Time

Sentinel is seeking a Threat Investigation Team Lead to join its team. The Threat Investigation Team Lead is responsible for day-to-day operational support of the security operations team. Primary duties include balancing analyst case load, acting as an escalation point for operational and technical questions, delivering on customer requests, attending internal or customer-facing meetings as required by the business, participating in interviewing team candidates, and mentoring and supporting junior-level analysts to help the team succeed. Success in this role depends on your ability to collaborate, self-start, follow up, give and receive feedback, and provide excellent customer service to both internal and external stakeholders.

Qualifications:

  • Six or more years of professional experience.
  • 5+ years of experience as a key member of a security operations team (SOC, Incident Response, Threat Intel, Malware Analysis, IDS/IPS Analysis, etc.).
  • Customer-first mindset with strong written, verbal, and interpersonal communication skills along with the ability to work in a highly collaborative environment as this is a customer facing role.
  • Strong ability to translate technical concepts and information into a form easily consumed by non-technical stakeholders.
  • Strong ability to self-direct, learn new things, think creatively, and adapt to new requirements.
  • Demonstrated strong initiative to proactively research new threats and stay current with the industry threat landscape and ability to translate that knowledge into practical application.
  • Strong adherence to defined workflow and processes.
  • Ability and confidence to exercise best judgment when the response is not well-defined.
  • Automation-first mindset.
  • Understanding of complex enterprise networks (EDR, routing, switching, firewalls, proxies, etc.), including previous MSSP experience.
  • Experience with Security Operations Center network event analysis and/or threat analysis.
  • Knowledge of common and emerging attack techniques.
  • Experience in SIEM, network, and/or host-based analysis and investigations.
  • Previous experience in an MSSP or equally highly collaborative environment.
  • Related certification (Network+, Security+, CCNA, GCIA, GSLC, GSTRT, GSOM, CCSP, CISSP, or equivalent in security operations leadership or cyber defense), with a preference for the former.
  • Ability to analyze endpoint, network, and application logs.
  • Strong knowledge in operating systems and their architectures and system internals.