
Cyber Security Monitoring, Detection and Incident Response Lead - Bilingual English/Spanish

Remote: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • Bilingual in English and Spanish.
  • Bachelor’s degree in computer science.
  • 7+ years of cybersecurity experience.
  • CISSP, CISM, or CISA certifications preferred.

Key responsibilities:

  • Lead security monitoring and detection efforts.
  • Coordinate incident response workflows and activities.
Alexandra Lozano Immigration Law PLLC

Job description

Overview:

We are seeking a bilingual, experienced and highly skilled Cyber Security Monitoring, Detection and Incident Response Lead to join our team. The ideal candidate will have a strong background in security operations, monitoring, detection, and response.

You will be responsible for leading efforts to monitor, detect, analyze, and respond to security incidents, ensuring that the organization’s networks, systems, applications and data remain secure against evolving cyber threats. This leadership role will focus on enhancing the effectiveness of our security monitoring, detection and response capabilities, managing incident response workflows, and coordinating security operations to ensure quick and effective responses to incidents and breaches.


This position is 100% remote in Colombia.

Responsibilities:
  • Cyber Monitoring and Detection:
    • Lead the design, implementation, and management of security monitoring systems and processes to detect potential security incidents.
    • Oversee and optimize the use of Security Information and Event Management (SIEM) tools, including configuring alerts, use cases, dashboards, and reports to identify malicious activity and anomalies.
    • Ensure continuous monitoring of network, system, and application logs to detect threats in real-time, including the use of threat intelligence feeds and anomaly detection techniques.
    • Fine-tune detection rules and reduce false positives, ensuring that high-fidelity alerts are generated.


  • Security Incident Response:
    • Design, implement, lead and manage the end-to-end incident response process, including preparation, detection, analysis, containment, eradication, recovery and post-incident activities.
    • Coordinate with internal and external stakeholders (IT, legal, communications, etc.) to ensure timely and effective handling of security incidents.
    • Develop, update, and test incident response playbooks, ensuring they are aligned with industry best practices and regulatory requirements.
    • Manage and refine security monitoring tools and procedures, ensuring they are aligned with organizational goals and risk management strategies.
    • Conduct post-incident reviews to identify root causes, weaknesses, and opportunities for the organization’s security posture improvement.
    • Conduct regular simulations (tabletop exercises, red teaming) to enhance the preparedness of the team and the organization in dealing with potential cyber incidents.


  • Threat Intelligence Integration:
    • Integrate threat intelligence feeds and indicators of compromise (IOCs) into security monitoring systems to enhance proactive detection capabilities.
    • Leverage threat intelligence to inform incident response activities, providing context to security alerts and helping to identify emerging threats.


  • Leadership, Collaboration & Reporting:
    • Identify, design, plan and lead implementation of automation opportunities.
    • Continuously improve the processes under your responsibility.
    • Collaborate with cross-functional teams (e.g., IT, development, operations) to ensure alignment of security practices with internal and external security requirements.
    • Lead the evaluation and selection of third-party vendors or tools for monitoring, detection and incident response.
    • Provide expert guidance on monitoring, detection and incident response to all levels of the organization.
    • Provide regular status reports and metrics on monitoring, detection and incident response activities (incidents, response times, trends, etc.) to senior leadership, offering actionable insights and recommendations for improvements.
    • Provide detailed reports on security incidents, including findings, root causes, impact analysis, actions taken, lessons learned, etc.
    • Maintain clear and accurate records of security incidents for audit and compliance purposes.
Qualifications:
  • Bilingual (English - Spanish) B2/C1.
  • Education:
    • Bachelor’s degree in computer science. Post-graduate degree in cyber/information security is a plus.
  • Certifications:
    • CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) preferred.
    • Certifications in incident response, threat hunting and/or security operations (e.g., GCIH, GCFA) are highly desirable.
  • Experience:
    • 7+ years of experience in cybersecurity, with at least 3 years in a monitoring, detection and incident response leadership role.
    • Proven experience in leading security operations teams, managing large-scale security incidents, and implementing incident response plans.
    • Hands-on experience configuring, operating and managing SIEM platforms (Splunk, QRadar, ArcSight, etc.) and other security/monitoring tools (e.g., firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP).
    • Experience in threat hunting, malware analysis and forensics.
    • Experience in cloud security is a plus (Azure, AWS, Google Cloud, etc.).
  • Skills & Competencies:
    • Strong knowledge of security incident management, threat detection, and response methodologies (e.g., NIST, SANS).
    • Strong knowledge of network services and protocols, security protocols and technologies.
    • Communication and presentation skills, with the ability to engage stakeholders.
    • Ability to stay current and adapt quickly to new regulations, emerging security trends, tools, and technologies.
    • Strong problem-solving and analytical skills, with the ability to manage complex security challenges.
    • Ability to remain calm under pressure and effectively manage high-stress situations.


Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English

Other Skills

  • Problem Solving
  • Communication
  • Calmness Under Pressure
  • Adaptability
  • Analytical Skills
  • Leadership
