Vacancies Incident Response Technical Lead
Vacancies Incident Response Technical Lead
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
About AkzoNobel
Since 1792 weve been supplying the innovative paints and coatings that help to color peoples lives and protect what matters most. Our world class portfolio of brands including Dulux International Sikkens and Interpon is trusted by customers around the globe. Were active in more than 150 countries and use our expertise to sustain and enhance the fabric of everyday life. Because we believe every surface is an opportunity. Its what youd expect from a pioneering and long-established paints company thats dedicated to providing sustainable solutions and preserving the best of what we have today while creating an even better tomorrow. Lets paint the future together.
For more information please visit
2024 Akzo Nobel N.V. All rights reserved.
Job Purpose
Cyber security is a top priority for AkzoNobel as for any global organization operating in the cyberspace. Our objective is to protect our information and digital assets (IT and OT) by reducing our cyber risk exposure to pursue our business objectives.
As part of the new cyber security strategy supported by the ExCo we have recently redefined our security governance in line with the evolution of the threat landscape and modern best practices. In this regard the new Information Security function under responsibility of the CISO and part of the IT is responsible for Information and cyber security for the entire organization covering Cyber Risk Management & Compliance Security Architecture Security Operations and Cyber Security Awareness and Training.
We are looking for a seasoned and proactive Vulnerability Management Technical Lead to join our Cybersecurity Operations team. This role will be responsible for overseeing all technical aspects of security incident and alert management across the organization. You will serve as the central operational point of reference for incident detection investigation containment and resolution activities andbring deep technical expertise and strong leadership capabilities to ensure the continuous identification assessment and remediation of vulnerabilities. You will work with modern tools and technologies maintain visibility into the organizations risk exposure and deliver meaningful metrics to support security decisions.
Key Activities
Provide technical and operational leadership for incident and alert management processes ensuring day-to-day activities are executed effectively without operational gaps.
Deliver a real-time operational view and strategic (macro) oversight of the organizations security posture enabling data-driven decision-making through well-defined KPIs and KRIs.
Act as the lead investigator for major or complex incidents collaborating with internal and external stakeholders as needed.
Ensure regular activities such as alert triage incident response threat hunting and reporting are performed consistently and on schedule.
Prepare and present clear concise and data-backed reports on incident response metrics trends and security event outcomes to management and leadership.
Foster a supportive collaborative and high-performing environment mentoring team members and ensuring clarity of roles timely guidance and knowledge sharing.
Lead maturity assessments of the SOC IR capabilities using recognized industry frameworks (e.g. MITRE ATT&CK CMMI) and define tangible improvement paths.
Serve as a key contributor to the evolution of automation and orchestration in incident management using Microsoft Sentinel and Logic Apps.
Continuously evaluate and improve detection and response workflows across multiple security technologies and domains.
These key responsibilities are peered with key technologies (and linked skills) that are used in the company environment:
Microsoft Defender Suite (Endpoint Identity Office Cloud Apps)
Zscaler Technologies including ZIA and ZPA
Microsoft Sentinel and Azure Logic Apps (automation and orchestration)
Nozomi (OT/IoT network visibility and threat detection)
Familiarity with API integrations automation scripting (PowerShell KQL) and incident enrichment techniques is highly desirable.
Experience
- 5 years of hands-on experience in incident response SOC operations or threat detection roles within large and complex environments.
- Demonstrated experience leading incident response efforts in real-world scenarios including root cause analysis containment and lessons learned processes.
- Strong understanding of enterprise security architecture endpoint and network detection tools and alerting pipelines.
- Solid experience with Microsoft security technologies especially Microsoft Defender XDR and Sentinel.
- Practical knowledge of SOC automation practices using tools such as Logic Apps playbooks or SOAR platforms.
- Excellent communication and reporting skills capable of presenting technical content to both technical and executive audiences.
- Demonstrated ability to work collaboratively make sound decisions under pressure and coordinate across teams during high-impact security events.
- Strong knowledge of incident handling frameworks playbook development and SOC maturity models.
- Certifications in incident response such as GCIH GCFA GCIA or similar.
- General blue team certifications such as SC-200 AZ-500
- Experience in operationalizing threat intelligence and aligning detection strategies to frameworks such as MITRE ATT&CK.
- Prior experience assessing and improving SOC performance against frameworks like NIST MITRE D3FEND or CMMI.
At AkzoNobel we are highly committed to ensuring an inclusive and respectful workplace where all employees can be their best self. We strive to embrace diversity in a context of tolerance. Our talent acquisition process plays an integral part in this journey as setting the foundations for a diverse environment. For this reason we train and educate on the implications of our Unconscious Bias in order for our TA and hiring managers to be mindful of them and take corrective actions when applicable. In our organization all qualified applicants receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age or disability.
Requisition ID:46483
Employment Type
Full Time
