Lead, Threat Detection and Response at Teck
Vancouver, BC, Canada
Full Time


Start Date

Immediate

Expiry Date

30 Mar, 25

Salary

144000.0

Posted On

29 Jan, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Powershell, Service Providers, Security Tools, Python, Threat Intelligence, Automation Tools, Risk, Security Operations, Incident Response, Platforms

Industry

Information Technology/IT

Description

QUALIFICATIONS

  • 10+ years of experience in cybersecurity, with a focus on threat detection and incident response
  • Proven track record in managing and automating security operations and leading security teams
  • Experience in designing and implementing automated detection and response strategies
  • Experience in leading third-party security service providers
  • Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) or equivalent
  • Additional relevant certifications (e.g., CEH, GIAC, GCIH) are a plus
  • Demonstrated Teck values by being responsible and courageous, respectful and inclusive, and humble and driven
  • An awareness of, and ability to, increase maturity by building on context, handle risk by assessing trade-offs, standardize processes, and keep Teck safe by anticipating needs
  • Solid understanding of security operations, including threat intelligence, threat detection, incident response, and offensive security
  • Proficiency in multiple security incident and event management (SIEM) platforms
  • Expertise in security orchestration and automated response (SOAR) platforms
  • Strong coding and scripting skills in Python, PowerShell, or similar languages
  • Experience with detection rule languages and frameworks (e.g., YARA, Sigma)
  • Knowledge of security automation tools and platforms (e.g., SOAR, XDR)
  • Understanding of APIs and integration techniques for security tools
  • Demonstrated personal accountability, transparency and an overall growth mentality

Responsibilities

  • Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
  • Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st line of defense
  • Develop and implement automated detection rules and processes in SIEM and other security tools
  • Write and maintain detection scripts and rule sets in code (e.g., using Python, YARA, Sigma)
  • Build and maintain automated incident response playbooks and workflows using SOAR platforms
  • Integrate detection and incident response tools with other security platforms to enable seamless, automated threat identification and response
  • Conduct regular testing and validation of automated detection and response processes
  • Collaborate with the threat intelligence team to ensure detection and response rules are informed by the latest threat intelligence
  • Apply machine learning and artificial intelligence to improve detection and response capabilities
  • Provide leadership, mentorship, and support to the team on day-to-day operations and critical initiatives