Manager, Cyber Security Operations

Job Classification:

Technology – Information Security

Prudential’s Global Technology (GT) team is the spark that ignites the power of Prudential for our customers and employees worldwide. Our organization plays a critical and highly visible role in delivering customer-driven solutions across every area of the company. The Global Technology team is made up of diverse, agile-thinking, and highly skilled professionals; we use our combined capabilities to enable the organization with innovation, speed, agility, scalability, and efficiency.

The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join the Global Technology organization at Prudential, you’ll unlock a challenging and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

The Cyber Security Operations Center (CSOC) within the Information Security Office (ISO) of Prudential is looking for a talented Manager, Cyber Security Operations. As a Manager, Cyber Security Operations, you would be functioning as the first line of defense for the company. This position is much more than just watching an incident queue. You will have the opportunity to develop integrations, correlations, and SIEM content to better protect the environment. The CSOC, and the larger ISO, are dynamic teams that look for self-motivated talent, meaning the CSOC will embrace and leverage the background and skill sets you bring to the table to better the overall organization. Ideal candidates will enjoy solving complex puzzles (also known as security incidents) in a fast-paced Information Security environment. Candidates would utilize their background in networking, operating systems, and security tools/knowledge to not just remediate any incidents that arise; but, also work with the CSOC Director and CSOC Infrastructure Director/CSOC Infrastructure Team to create custom detections, alerts, and reporting to further improve the capabilities of the CSOC. Ideal candidates are comfortable working in a potentially high stakes environment, while working off potentially incomplete/not ideal information/conditions. Being a high-tier Analyst, this position is expected to help the CSOC Director in leading the team of Analysts, potentially functioning as a site/shift lead, performing peer review, and helping to roll out new processes to the team. This position is expected to be actively involved in the direction and improvement of the CSOC, given the candidate’s technical depth, as well as their knowledge of day to day operations. Candidates will be working under an experienced management team that has collectively over 25 years of InfoSec experience and has lived the life of an Analyst. Besides the more traditional SOC work event investigation/management, the candidate will have opportunities to become involved in the configuration of the tools/products used by the CSOC to better the CSOC as a whole. By joining the Prudential CSOC the candidate will have the opportunity to not just join a rapidly evolving team but provide their input towards the direction of the organization. Additionally, Prudential believes in keeping up/expanding the technical and soft skills of our CSOC team members as they progress.

Expectations:

• Analyze potential security incidents to determine impact/scope of the incident, leading the team through complex analysis and incident response activities.
• Follow and help create Incident Response procedures to perform preliminary log collection and incident investigations, determining the cause of the security incident, containing the threat, and building protections against future infections.
• Interface and drive response/project work forwards with technical personnel and other teams in the ISO as well as the larger organization as required.
• Follow and help create escalation procedures to counteract and contain potential threats.
• Appropriately inform and advise CSOC Director on incidents and incident prevention, while helping to coordinate the Analyst Team and while functioning as site/shift lead(s).
• Drive documentation improvements of CSOC processes/tools/knowledge based upon observations and feedback from the Analyst Team.
• Lead and plan knowledge sharing with Analysts while developing solutions/processes/detections efficiently.
• Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, EDR, Advanced malware detection etc.).
• Help lead the Analyst Team to leverage the toolset to investigate incidents using computer/network forensic techniques to reconstruct events, identify unknown intrusions through use of indicators of compromise, and to identify and track any lateral movement.
• Candidate is expected to help lead interactions with other team members, management, and other IT teams (Workstation, Network, Server, Cloud, etc.).
• Maintain the integrity and security of enterprise-wide cyber systems and networks by coordinating internal team and larger Prudential resources during enterprise triage/incident response efforts.
• Utilize a deep understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats, while using security domain knowledge to improve Prudential’s defenses/detection mechanisms.
• Assist the CSOC Director in briefing the CISO can senior management.
• Drive Prudential’s automation and programmatic improvement of cyber response processes forwards.
• Working closely with the Hunting as well as the Cyber Threat Intelligence teams to operationalize new use cases, detections, and intelligence.
• CSOC team provides 24x7x365 support, shifts vary with multiple tiers of support.

Qualifications:

• Bachelor’s degree in Information Technology, Information Security, Computer Science, or a related discipline; OR 4 years equivalent direct work-related experience in lieu of a degree
• Experience (5+ yrs.) in a corporate IT environment in addition to a degree
• 3+ years working in Cyber Security Operations, preferably 2+ years working in the higher tiers of SOC.
• Deep understanding of IT Security practices/programs/tooling, with demonstrated examples of driving initiatives forwards.
• Documentation/process experience, in IT, Cyber Security, and a SOC environment.
• Advanced oral and written communication skills demonstrated in an IT or security related area.
• Advanced and in-depth problem solving & analytical skills demonstrated in an IT or security related area, preferable in a SOC/IR environment.
• Deep understanding of networking concepts and tools, demonstrated exposure/expertise a plus.
• Team player that cannot just work with team members and businesses partners around the world in different time zones and with a diverse cultural background while being respectful of local customs, but also help lead said groups.
• Demonstrated passion about the information security field and cyber defense, including commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
• IT Security certifications (e.g., Security+, GSEC, GCIH, GMON, GCTI, GNFA, GCWN, GREM, OSCP, other advanced cyber security certifications, etc.).
• Innovative and willing to raise unique/original ideas.
• Knowledge of Splunk (ES & Phantom) / Splunk certifications a huge plus. Exposure to/knowledge of other SIEM/SOAR tooling a plus.
• Demonstrated previous systems, cloud, endpoint, networking, server, deep knowledge. Administration of said tools/systems a plus.
• Scripting background (Python, Perl, bash, etc.) a huge plus.
• Familiarity with sandboxing solutions and malicious file analysis a plus. Prior work with malware labs/sandboxes a major plus.
• Automation experience a major plus, especially in a SOAR or SOC/IR context.
• Demonstrated exposure to Cyber Threat Intelligence and its operationalization with a security operations environment.