The Team You Will Join
The Cyber Platforms and Automation team is primarily based out of MetLife’s global technology headquarters in Cary, NC. This team manages the key cybersecurity platforms including SIEM, UEBA, SOAR, MSV, NDR, and the Cybersecurity Lab, develops security content and processes to automate threat detection and incident response. The team takes immense pride to pursue the vision to transform the Security Operations Center (SOC) to next generation with AI-driven cybersecurity technologies and processes to detect and predict threats with high accuracy, to prevent and respond to threats with high efficiency.
The Opportunity
The Security Lead, Network Detection and Response will be responsible for the following tasks and activities:
- Global Solution Deployment:
- Understand the regional network architecture and engineer NDR solution deployment by identifying the correct choke points to optimize packet capture and meta data collection.
- Architect and deploy software censors for the vmware infrastructure visibility for high value assets and flow and packet collection for major cloud service providers (Azure, AWS and GCP).
- Threat Detection and Analysis: Develop and maintain network security monitoring strategies for hybrid (datacenter and cloud) environments to proactively monitor, identify, and analyze anomalous network activity, leveraging NDR.
- Security Incident Response: Facilitate investigations into potential security incidents, providing in-depth analysis to determine the scope and impact. Collaborate on incident containment, remediation, and root cause analysis to mitigate risks.
- Signature and Rule Development: Create custom rule detection, tune existing rules to reduce false positive and understand behavioral detection based on ML and AI.
- Threat Hunting: Facilitate conducting proactive hunts and campaigns for advanced threats and attack patterns across our network infrastructure, applying advanced analytics and threat intelligence.
- Continuous Improvement: Stay updated on the evolving threat landscape and emerging cybersecurity technologies. Propose enhancements to existing security systems, processes, and detection capabilities.
- Documentation and Reporting: Maintain detailed documentation of security incidents, investigations, and resolution steps. Provide clear reporting to management on security posture and identified risks.
This is an exciting opportunity to directly contribute to completing MetLife’s SOC visibility triad by establishing the network detection and response capabilities that will complement the existing logging and endpoint detection and response programs.
Success in this role requires you to demonstrate skills to work collaboratively with a vey diverse group of stakeholders from global regions and backgrounds like cyber security experts, network engineers, infrastructure operations, Business leaders etc. The ideal candidate will apply their deep experience in network security and engineering to bolster our threat detection and incident response capabilities across both traditional datacenter and public cloud environments. With a robust foundation in information security principles, you will play a vital role in protecting our organization's critical assets.
Required Skills:
- Minimum of 5 years of proven experience in network security roles, with a solid background in network engineering/Microsoft cloud administration/Identity and Access Management.
- Deep understanding of TCP/IP protocols, network traffic analysis, and common attack vectors.
- Proven experience with security information and event management (SIEM) solutions, IDS/IPS systems, Packet aggregator technologies, and network forensic tools.
- Knowledge of datacenter network architecture, security best practices, and relevant technologies.
- Knowledge of modern adversary tactics, techniques, and procedures used to exploit Identity and Access
- Strong foundation in information security principles, compliance frameworks, and risk management.
Preferred Skills:
- Industry Certifications: Relevant technical and security certifications such as CISSP, GIAC, GCIH, relevant network or cloud security certifications.
- Scripting/Automation: Proficiency in a scripting language (Python, KQL, SQL etc) for security automation tasks.
- Global Experience: Prior experience to work on multiple global projects with regional partners.
- Expertise in network security monitoring and threat detection methodologies within public cloud platforms (AWS, Azure, GCP, etc.).