Analyze the latest attacker techniques and develop approaches to detect them across the company’s diverse environments and endpoints.
Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity.
Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.
Analyze security data and report on threats and incidents across various platforms and environments.
Use automation to improve identification and response time and to reduce impact when an incident occurs.
Establish processes and playbooks to respond to security events.
What you'll need
BS/MS in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience and evidence of exceptional ability.
Excellent understanding and experience in multiple security domains such as intrusion detection, incident response, malware analysis, application security, and forensics.
Experience detecting abuse and large-scale attacks in a diverse environment.
Experience in cloud environments (AWS/Azure) and with Linux containers and orchestration systems.
DevOps or security-automation experience.
Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
Familiarity with the following detection-related disciplines with deep experience in one or more:
Large-scale analysis of log data using tools such as Splunk or ELK.
Security automation using tools such as Phantom or Demisto.
File system, memory, or live-response analysis on Windows, macOS, and/or Linux.
Analysis of network traffic from intrusion detection systems and flow-monitoring systems.
Host-level detection with tools such as auditd, osquery, or Sysmon.
What's nice to have
Experience in a SaaS organization.
Previous experience leading incidents.
SANS certifications (GCIH, GNFA, GCIA, GSEC, etc.).
Experience working with distributed teams.
Meet your team
We're Information Security. We protect TomTom's infrastructure, applications, employees, and customers. We work alongside Enterprise IT, Commercial IT, Legal, Finance, and HR to minimize risk and increase resilience across the business. We take an intelligence-driven approach, relying on innovative commercial and open-source solutions to proactively identify vulnerabilities and contain threats. On our team, you'll help secure a safe, connected, autonomous world that is free of congestion and emissions.