Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future. If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match.
Who we are
We, at Enterprise IT Security, are on a mission to secure the IT journey for the Volvo Group. We work closely together with stakeholders across several Business Areas (BAs), Truck Divisions (TDs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, purchasing, manufacturing, and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction, and have global responsibility in group-wide functions such as IT, legal, compliance, and security. With Enterprise IT Security, you will be part of Group Digital & IT (Group Function), a global and diverse team of highly skilled professionals who work with passion, trust each other, and embrace change to stay ahead. Enterprise IT Security (EITS) works in close collaboration with both the Group Security function and the security functions within TDs, BAs, and GFs. Together we work to build a security posture that is best in class.
What you will do
Lead the cybersecurity operations center (CSOC) during the assigned shift and escalate relevant issues to the Head of SOC. Provide guidance and management to CSOC analysts on a daily basis. Communicate regularly with the Head of SOC to provide updates on Cybersecurity Monitoring posture. Design, develop, and implement cybersecurity capabilities to investigate, identify, and actively defend the Volvo Group infrastructure against Advanced Persistent Threats. Work closely with the Head of SOC as well as other supervisors to meet/exceed service levels.
Primary Duties & Accountabilities:
- Supervise on-duty CSOC personnel. Perform and document work activities relating to ongoing Incident Response (IR) and active investigations. Work closely with the Head of SOC as well as other supervisors to perform duties in support of the CSOC mission.
- Provide a point of escalation for Security Monitoring analysts. Provide direction and support in the identification, detection, containment, eradication, and recovery of incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (host logs, server logs, network traffic logs, firewall logs, intrusion detection/prevention system [IDS/IPS] logs) to identify possible threats to the Volvo Group digital infrastructure.
- Maintain and enforce adherence to the Volvo Group Cyber Defense Center standards, policies, and procedures.
- Participate in efforts to analyze and define security filters and rules for a variety of security parameters. Recommend short- and long-term adjustments to controls for immediate and future identification, containment, and remediation. Provide direction on signatures, rules, alerts, parsers, and custom scripts to enhance the Volvo Group defensive perimeter.
- Oversee updates to documentation of the CSOC. Contribute to process definitions and development. Maintain and audit documented procedures and playbooks, including process integration with managed service providers, 3rd party vendors, internal IT organizations, and truck division/business area/group functions. Write and publish cyber defense techniques, guidance, incident response documentation, and reports to appropriate constituencies. Perform cyber defense trend analysis and reporting.
- Remain up-to-date on the latest cybersecurity information in order to validate the identification, detection, and investigation capabilities of the Volvo Group's security operations technologies and capabilities.