AVP, Threat Informed Defense Engineer
3 weeks ago
Role Title: AVP, Threat Informed Defense Engineer (L10)

Company Overview:
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry's most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
- We have recently been ranked #2 among India's Best Companies to Work for by Great Place to Work. We were among the Top 50 India's Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
- Synchrony celebrates 51 women diversity, 105 people with disabilities, and 50 veterans and veteran family members.
- We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
- We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:
This role is part of the Threat Informed Defense organization, responsible for researching, developing, and maintaining cyber detection capabilities. The team also manages and sources Technical Intelligence, leveraging it to enhance and refine detection methods and defenses against relevant threats. Additionally, it collaborates with the SOC Function (JSOC) and other partners to deliver high-fidelity security alerts, safeguarding Synchrony from cyber threats.

Role Summary/Purpose:
The role of the Threat Informed Defense Engineer involves developing and maintaining automated processes that help to minimize cyber risk by improving the organization's ability to identify and respond to threats in an efficient manner. The team member will partner with members of cyber operations, information security, and the larger business to identify automation use-cases that they will then design, develop, and implement. Ideal candidates will have strong DevOps skill sets with knowledge of cyber detection concepts, strategies, and security tools. More so, the ideal candidate will be capable of critical thinking and problem solving with a customer-first attitude.

This is an IC role and position is remote, where you have the option to work from home. On occasion we may request for you to commute to our nearest office for in-person engagement activities such as team meetings, training and culture events. To ensure the safety of our colleagues and communities, we require employees who come together in-person to be fully vaccinated. We're proud to offer you choice and flexibility.

Key Responsibilities:
- Exhibit expertise in promptly identifying evolving cyber intelligence, testing Tactics, Techniques, and Procedures (TTPs) within a secure lab setting, and developing custom detection content to address identified gaps.
- Demonstrate a forward-thinking approach to prioritize and refine a backlog of detection content, leveraging Agile methodologies to ensure proper resource allocation and timely execution of high-priority initiatives.
- Proactively identify emerging cyber threats, conducting thorough assessments to gauge their potential impact on Synchrony.
- Experience and comfort with detection strategies and implementations in multiple OS (Windows, MacOS, Linux) and with cloud-based architectures (Amazon Web Services and Microsoft Azure).
- Foster cross-functional collaboration with CyberOps teams, contributing to the enhancement of detection alerting strategies. This includes spearheading initiatives such as designing detection pipelines, refining alert mechanisms, and optimizing existing alerting processes.
- Develop a deep understanding of Synchrony's cyber tool ecosystem, enabling informed recommendations for strengthening control mechanisms and fortifying defenses against potential cyber threats.
- Coordinate with Information Security teammates to manage and optimize detection content and alerting logic for key systems, including security information and event management (SIEM), intrusion detection/prevention (IDS/IPS), Next Generation AV (NGAV), Endpoint Detection and Response (EDR), User Entity and Behavior Analytics (UEBA) platform, amongst other core security tools.
- Assist in creation and implementation
- Ability to automate tasks with APIs and serverless scripting.
- Design and implement automated security solutions for AWS cloud infrastructure.
- Develop and maintain security automation scripts and tools.
- Perform cleanup and sanitation of incoming log sources and events.
- Keeping up with the latest and greatest tools and techniques for combating security threats.
- Partner with technology leaders in adherence to technology strategy and roadmap.
- Support the day-to-day operations of the Security Operations program.
- Maintain knowledge of current security trends and be able to clearly communicate them to the team.
- Assist in responding to emergency situations and security incidents.

Required Skills/Knowledge:
- Bachelor's degree with 4 years of Information Security or Intelligence experience, OR in lieu of degree, 6 years of Information Security or Intelligence experience.
- Able to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Demonstrated competence in Python and Splunk Search Processing Language (SPL).
- Demonstrated competence in Agile methodologies.
- Past experience in a threat intelligence, threat hunt, or red team capacity in which use of threat intelligence and attack-focused frameworks was utilized.
- Able to function effectively in a dynamic, fast-paced environment.

Desired Skills/Knowledge:
- Applicable Information Security professional certifications (e.g., SANS, AWS Security-based certifications, and tool-specific certifications).
- Ability to work independently as well as part of a team.
- Highly analytical, detail-oriented, and strong problem solving with a common-sense approach to resolving problems.
- Expertise to clearly define complex issues despite incomplete or ambiguous information.
- Strong oral and written communications skills.
- Strong interpersonal and critical thinking skills.
- Experience with Cloud Foundry, Docker is a plus.
- Prior SOC, cyber intelligence, or incident response/detection engineering experience is a plus.

Eligibility Criteria:
Bachelor's degree with 4 years of Information Security or Intelligence experience, OR in lieu of degree, 6 years of Information Security or Intelligence experience.

Work Timings: 03:00 PM to 12:00 AM IST

For Internal Applicants:
- Understand the criteria or mandatory skills required for the role before applying.
- Inform your manager and HRM before applying for any role on Workday.
- Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format).
- Must not be on any corrective action plan (First Formal/Final Formal, LPP).
- L8 Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
- L08 Employees can apply.

Grade/Level: 10
Job Family Group: Information Technology
-
Cyber Defense Engineer
3 weeks ago
Hyderabad, India Deutsche Börse Full time About Deutsche Börse Group: Headquartered in Frankfurt, Germany, Deutsche Börse Group is a leading international exchange organization and market infrastructure provider. They empower investors, financial institutions, and companies by facilitating access to global capital markets. Their India centre is located in Hyderabad, serves as a key strategic hub and...
-
Cyber Defense Center
1 week ago
Hyderabad, India Michael Page Full time Competitive Salary PF and Gratuity About Our Client Our client is an international professional services brand of firms, operating as partnerships under the brand. It is the second-largest professional services network in the worl Job Description CYBER DEFENSE CENTER Detection & Response Is responsible for managing all Monitoring and Security Operations Center...
-
Senior Threat Graph Researcher
3 weeks ago
Hyderabad, Telangana, India Microsoft Full time The Defender Experts (DEX) Research team is at the forefront of Microsoft's threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left, disrupting threats early before damage occurs, by transforming raw signals into intelligence that powers...
-
Cyber Defense Center
1 day ago
Hyderabad, India Michael Page Full time Competitive Salary PF and Gratuity About Our Client Our client is an international professional services brand of firms, operating as partnerships under the brand. It is the second-largest professional services network in the worl Job Description CYBER DEFENSE CENTER Detection & Response Is responsible for managing all Monitoring and Security Operations...
-
Associate | Senior Offensive Security Engineer
3 weeks ago
Hyderabad, Telangana, India Jobted IN C2 Full time Purple Teaming Specialist. Your career at Deutsche Borse Group: The Group Security department directly contributes to execution of the Deutsche Borse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity and...
-
Threat Intelligence Engineer
2 weeks ago
Hyderabad, Telangana, India Lanvaus Private Limited Full time ₹ 6,00,000 - ₹ 12,00,000 per year Microsoft Cloud Solutions Architect – Microsoft E5 Security Stack Contract Position | Immediate Availability Required Salary: 8-12 LPA We're seeking an accomplished security professional with specialized knowledge in Microsoft's E5 Security portfolio to support enterprise clients in strengthening their cybersecurity capabilities. This consulting-focused...
-
Associate - Senior Security Operations Engineer
3 weeks ago
Hyderabad, Telangana, India Jobted IN C2 Full time Your area of work: In your new position you will become a member of the Cyber Defense team, part of Group Security. Cyber Defense team is responsible for all aspects of Security Information and Event Management (SIEM), Computer Emergency Response (CERT) and Security Operations Center (SOC). In the advertised position you will be focused on the analyzing and modelling...
-
Leading Associate Vice President
3 weeks ago
Hyderabad, Telangana, India Jobted IN C2 Full time Your area of work: In your new position you will become a member of the Cyber Defense team, part of Group Security. Cyber Defense team is responsible for all aspects of Security Information and Event Management (SIEM), Computer Emergency Response (CERT) and Security Operations Center (SOC). In the advertised position, reporting to the Head of Cyber Defense, you will lead...
-
AVP, Operational Risk – Information Security
6 days ago
Hyderabad, Telangana, India Synchrony Full time Job Description: Role Title: AVP, Operational Risk – Information Security & Organizational Resiliency (L11) Company Overview: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry's most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries...
-
Threat Researcher
3 weeks ago
Hyderabad, Telangana, India, Telangana Arete Full time SUMMARY The Threat Researcher is a self-starting and motivated analyst on Arete’s Cyber Threat Research team, primarily focused on countermeasure development, threat hunting and profiling, malware analysis, cyber threat research, and tracking known adversaries and emerging threats. The position contributes to the research and publication of threat...