Hiring - Security Lead - Bridgewater, NJ
0 views
Skip to first unread message
Bishwa Mahato
12:27 PM (11 hours ago) 12:27 PM
to Bishwa Mahato
Role: Security Lead
Location: Bridgewater, NJ - onsite at client site.
JD
Primary skills: Cybersecurity governance, risk management, and compliance oversight.
Secondary skills: Cybersecurity compliance disciplines and skillset
Job Responsibilities:
1. Daily operational delivery – Work hand in hand with identified customer security leadership teams and offshore security lead/SME’s of individual cyber technology towers; to deliver day-to-day cyber security oversight onsite. A typical day includes:
a. Morning check-in with client security/IT leads
b. Review of overnight SOC alerts
c. Review security dashboards/metrics (SIEM health, endpoint coverage, critical control status) and confirm telemetry is flowing
d. Vulnerability scans and ticket queues
e. Triage and risk-based prioritization of issues; coordination with infrastructure, application, network and IAM teams for remediation.
f. Validate patching and remediation progress for top risks (critical CVEs, misconfigurations) and remove blockers
g. Review/approval of security exceptions and change requests
h. Participation in project and architecture discussions to embed security controls early; walkthroughs of compliance/audit evidence needs and policy adherence
i. Status reporting (metrics, risks, blockers, and actions) to stakeholders
j. End-of-day follow-up to confirm progress, escalate urgent items, and prepare the next day’s priorities.
k. Check privileged access activity (PAM alerts, break-glass use, new admin grants) and confirm approvals are documented
l. Oversee EDR/AV exceptions (new exclusions, tuning requests) and ensure compensating controls are in place
m. Daily incident readiness actions: confirm on-call/escalation paths, validate open incident tickets, and run quick “what changed?” checks
n. Threat Client / emerging risk review relevant to the client environment and translate into actionable checks/hunts
o. Run/coordinate a short risk & issue triage huddle (top 5 risks, new findings, due dates, owners)
p. Vendor/service review touchpoints (SOC/SIEM provider quality, false-positive tuning, SLA adherence)
q. Communicate security advisories to onsite teams (maintenance windows, high-risk findings, required user actions)
2. Provide Cyber Security Leadership - Provide leadership in all security areas to ensure our external system partners are minimizing cyber security risks, this includes the following areas of security specialization:
• Security Architecture
• Governance, Risk & Compliance
• Identity and Access management
• Firewall architecture and integration
• Cyber Threat Research
• Vulnerability Assessment and Pen testing
• Security Project Management
• SOC Analysis
3. Security Operations – Oversee all security operations including managing our external SOC relationship and activities to ensure their correct classification of vulnerabilities/issues and their timely resolution. Provide risk-based activities prioritization, tracking, reporting, and liaising with external vendors and internal stakeholders. Develop a budget and operating plan for the security program. Exercise good judgement when dealing with issues and ensuring a sense of urgency in their resolution while remaining calm and focused.
4. Security Planning and Projects - Design, implement, and maintain cyber security plan that includes an evaluation method to assess the security program strengths and identify areas for improvement. Initiate, oversee, and report on projects that will improve our security stance. Lead the planning and the decision support process for the security program, coordinating with a variety of internal stakeholders & senior executives. Research and evaluate new cybersecurity threats, IT trends, and security controls. Ensure response plans are kept up to date and communicated to leadership in addition to leading preparation sessions for cyber response (tabletop) and leading forensic investigations when necessary.
5. Security Processes - Develop, implement, and oversee enforcement of security policies, procedures and work plans based on industry best practices. Ensure that IT security audits are conducted. Develop and deliver cyber training and testing. Produce reports that help drive a strong cyber security position that provide enough detail for action, but in a format that can be easily understood by management. Drive a culture to stay current on the latest cyber security trends, emerging technologies, threats, and incorporate appropriate safeguards into our security program.
Location: Bridgewater, NJ - onsite at client site.
JD
Primary skills: Cybersecurity governance, risk management, and compliance oversight.
Secondary skills: Cybersecurity compliance disciplines and skillset
Job Responsibilities:
1. Daily operational delivery – Work hand in hand with identified customer security leadership teams and offshore security lead/SME’s of individual cyber technology towers; to deliver day-to-day cyber security oversight onsite. A typical day includes:
a. Morning check-in with client security/IT leads
b. Review of overnight SOC alerts
c. Review security dashboards/metrics (SIEM health, endpoint coverage, critical control status) and confirm telemetry is flowing
d. Vulnerability scans and ticket queues
e. Triage and risk-based prioritization of issues; coordination with infrastructure, application, network and IAM teams for remediation.
f. Validate patching and remediation progress for top risks (critical CVEs, misconfigurations) and remove blockers
g. Review/approval of security exceptions and change requests
h. Participation in project and architecture discussions to embed security controls early; walkthroughs of compliance/audit evidence needs and policy adherence
i. Status reporting (metrics, risks, blockers, and actions) to stakeholders
j. End-of-day follow-up to confirm progress, escalate urgent items, and prepare the next day’s priorities.
k. Check privileged access activity (PAM alerts, break-glass use, new admin grants) and confirm approvals are documented
l. Oversee EDR/AV exceptions (new exclusions, tuning requests) and ensure compensating controls are in place
m. Daily incident readiness actions: confirm on-call/escalation paths, validate open incident tickets, and run quick “what changed?” checks
n. Threat Client / emerging risk review relevant to the client environment and translate into actionable checks/hunts
o. Run/coordinate a short risk & issue triage huddle (top 5 risks, new findings, due dates, owners)
p. Vendor/service review touchpoints (SOC/SIEM provider quality, false-positive tuning, SLA adherence)
q. Communicate security advisories to onsite teams (maintenance windows, high-risk findings, required user actions)
2. Provide Cyber Security Leadership - Provide leadership in all security areas to ensure our external system partners are minimizing cyber security risks, this includes the following areas of security specialization:
• Security Architecture
• Governance, Risk & Compliance
• Identity and Access management
• Firewall architecture and integration
• Cyber Threat Research
• Vulnerability Assessment and Pen testing
• Security Project Management
• SOC Analysis
3. Security Operations – Oversee all security operations including managing our external SOC relationship and activities to ensure their correct classification of vulnerabilities/issues and their timely resolution. Provide risk-based activities prioritization, tracking, reporting, and liaising with external vendors and internal stakeholders. Develop a budget and operating plan for the security program. Exercise good judgement when dealing with issues and ensuring a sense of urgency in their resolution while remaining calm and focused.
4. Security Planning and Projects - Design, implement, and maintain cyber security plan that includes an evaluation method to assess the security program strengths and identify areas for improvement. Initiate, oversee, and report on projects that will improve our security stance. Lead the planning and the decision support process for the security program, coordinating with a variety of internal stakeholders & senior executives. Research and evaluate new cybersecurity threats, IT trends, and security controls. Ensure response plans are kept up to date and communicated to leadership in addition to leading preparation sessions for cyber response (tabletop) and leading forensic investigations when necessary.
5. Security Processes - Develop, implement, and oversee enforcement of security policies, procedures and work plans based on industry best practices. Ensure that IT security audits are conducted. Develop and deliver cyber training and testing. Produce reports that help drive a strong cyber security position that provide enough detail for action, but in a format that can be easily understood by management. Drive a culture to stay current on the latest cyber security trends, emerging technologies, threats, and incorporate appropriate safeguards into our security program.
Reply all
Reply to author
Forward
0 new messages