FirstBank Jobs

Role Value Proposition:

The Cyber Platforms and Automation team is primarily based out of MetLife’s global technology headquarters in Cary, NC. This team manages the key cybersecurity platforms including SIEM, UEBA, SOAR, MSV, NDR, and the Cybersecurity Lab, and develops security content and processes to automate threat detection and incident response. The team takes immense pride in pursuing the vision to transform the Security Operations Center (SOC) into next generation with AI-driven cybersecurity technologies and processes to detect and predict threats with high accuracy, to prevent and respond to threats with high efficiency.

This is an exciting opportunity to directly contribute to completing MetLife’s SOC visibility triad by establishing the network detection and response capabilities that will complement the existing logging and endpoint detection and response programs.

Success in this role requires you to demonstrate skills to work collaboratively with a very diverse group of stakeholders from global regions and backgrounds like cyber security experts, network engineers, infrastructure operations, Business leaders, etc. The ideal candidate will apply their deep experience in network security and engineering to bolster our threat detection and incident response capabilities across both traditional data center and public cloud environments. With a robust foundation in information security principles, you will play a vital role in protecting our organization's critical assets.

Key Responsibilities

The Security Lead, Network Detection, and Response will be responsible for the following tasks and activities:

Global Solution Deployment:

• Understand the regional network architecture and engineer NDR solution deployment by identifying the correct choke points to optimize packet capture and metadata collection.

• Architect and deploy software censors for the VMware infrastructure visibility for high-value assets and flow and packet collection for major cloud service providers (Azure, AWS, and GCP).

• Threat Detection and Analysis: Develop and maintain network security monitoring strategies for hybrid (data center and cloud) environments to proactively monitor, identify, and analyze anomalous network activity, leveraging NDR.

• Security Incident Response: Facilitate investigations into potential security incidents, providing in-depth analysis to determine the scope and impact. Collaborate on incident containment, remediation, and root cause analysis to mitigate risks.

• Signature and Rule Development: Create custom rule detection, tune existing rules to reduce false positives, and understand behavioral detection based on ML and AI.

• Threat Hunting: Facilitate conducting proactive hunts and campaigns for advanced threats and attack patterns across our network infrastructure, applying advanced analytics and threat intelligence.

• Continuous Improvement: Stay updated on the evolving threat landscape and emerging cybersecurity technologies. Propose enhancements to existing security systems, processes, and detection capabilities.

• Documentation and Reporting: Maintain detailed documentation of security incidents, investigations, and resolution steps. Provide clear reporting to management on security posture and identified risks.

Essential Business Experience and Technical Skills:

Required:

• Minimum of 7 years of proven experience in network security roles, with a solid background in network engineering/Microsoft cloud administration/Identity and Access Management

• Deep understanding of TCP/IP protocols, network traffic analysis, and common attack vectors.

• Proven experience with security information and event management (SIEM) solutions, IDS/IPS systems, Packet aggregator technologies, and network forensic tools.

• Expertise in network security monitoring and threat detection methodologies within public cloud platforms (AWS, Azure, GCP, etc.).

• Knowledge of data center network architecture, security best practices, and relevant technologies.

• Knowledge of modern adversary tactics, techniques, and procedures used to exploit Identity and Access

• Information Security: Strong foundation in information security principles, compliance frameworks, and risk management.

• Analytical Skills: Exceptional ability to analyze complex data sets, correlate events, and identify patterns indicative of malicious activity.

• Problem Solving: Highly methodical approach to troubleshooting, incident response, and root cause analysis.

• Ability to empathize and collaborate with colleagues, manage, and execute tasks, and prioritize efforts for risk reduction.

Preferred:

• Industry Certifications: Relevant technical and security certifications such as CISSP, GIAC, GCIH, and relevant network or cloud security certifications.

• Scripting/Automation: Proficiency in a scripting language (Python, KQL, SQL, etc.) for security automation tasks.

• Global Experience: Prior experience working on multiple global projects with regional partners.

At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.

Equal Employment Opportunity/Disability/Veterans

If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.

MetLife maintains a drug-free workplace.