Cybersecurity Operations Manager - Cyber Defense Professionals

Job Expired

About the job

Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

The Security Operations Manager provides hands-on technical expertise and leadership in the Security Operations Center of the firm. This position is responsible for monitoring the IT Security environment to immediately detect, verify, and respond swiftly to cyber threats, e.g. vulnerability exploitation, malware, cyber-attacks, etc. This role effectively enhances the incident response operations of the organization by working closely with IT and business stakeholders to execute in a non-disruptive manner across the firm. This position within the Office of the CISO is instrumental in increasing the security posture of the firm. Working in conjunction with Architecture, IT Compliance and IT Infrastructure, this position will be a key contributor in executing the IT Security strategy, Security roadmap and formulation of the Security process relative to threat intelligence, security monitoring, security automation, intrusion detection/prevention, purple teaming, endpoint security, SIEM and SOC.

The Role

Mentor and grow security teammates
Increase the security maturity of the firm
Help provide strategic direction and planning
Ensuring security events and alerts are triaged and responded to timely, delivering top notch service and meeting/exceeding agreed upon SLAs
Creation of reports, dashboards, KPIs, metrics
Must be hands-on (working manager)
Responsible to build a cohesive team adhering to organizational culture and value systems
Implement, administer and support endpoint security software
Knowledge of a wide range of current security technologies such as vulnerability assessment tools, SIEM, firewalls, proxies, network and host-based intrusion prevention, DLP, etc.
Conduct investigations of security events (e.g., unauthorized access, non-compliance with company policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps
Responds to daily service issues, problems, and critical situations to support resolution and minimize downtime
Administration and daily operation of SIEM technologies, including rule creation, reporting, correlation and performance monitoring
Execute automation playbooks for automated incident response investigations
Leverage firms’ threat intelligence sources & partners to maintain an understanding of emerging security threats and advanced threat actor’s capabilities
Integrate threat intelligence feeds and sources with firm’s security monitoring infrastructure
Leverage firm’s Continuous Testing framework to identify, design and deploy tests for firm’s security monitoring controls
Identify and implement tools to baseline activity and alert or limit suspicious activity and insider threat among networks, databases, data and users
Assist in selecting, implementing and managing of systems, tools, and processes that will keep the firm at the leading edge of security. This includes a continually-evolving inventory of gaps to be mitigated and formulation of a proactive strategy to evaluate and implement mitigating technologies
Continuously remain current on emerging security threats and technologies
Assists in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates and maintains and documents security controls
Prepares status reports on security matters to develop security risk analysis scenarios and response procedures
Other duties as assigned

Qualifications

Combined 5 – 10 years’ work experience in a relevant roles, i.e. Security Analyst/Engineer, Incident Response, Cybersecurity Threat Analyst, Security Operations Manager, etc. Must have management experience.
Problem solving and troubleshooting skills with the ability to exercise mature judgment
Excellent oral and written communication skills
Attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of assigned work
Experience with event analysis leveraging SIEM tools
Log parsing and analysis skill set and previous experience developing and refining correlation rules
Hands-on experience deploying & operating security technologies including devices, networks and systems that prevent, detect & respond to security threats
Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill-chain analysis, risk assessment and security metrics
Strong understanding of network protocols
Development/scripting experience: Python and/or PowerShell.
Experience with Signature development/management (e.g. Snort rules, Yara rules)
Knowledge of protocol analysis and tools (e.g. Wireshark, Gigastor, Netwitness, etc.)
Working knowledge of current cyber threat landscape (e.g. threat actors, APT, cyber-crime, etc.)
Working knowledge of Windows and Unix/Linux, Firewall and Proxy technology
Knowledge of malware operation and indicators, DLP monitoring
Knowledge of forensic techniques
Knowledge of penetration techniques
Knowledge of DDoS mitigation techniques
Ability to self-organize, prioritize activities independently, create documentation and reports
Thinks both tactically and strategically
Enables creative solutions by stimulating ideas through discussion and collaboration
Able to work on multiple activities at the same time, organizing and prioritizing as needed to accomplish goals
Manages uncertainty well – able to assess and act with good enough but imperfect or incomplete information
Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
Possess a blue-collar work ethic with the willingness to wear many proverbial ‘hats’ and have a flexible outlook towards your work
Be competitive and have a performance-based drive to succeed, including self-sufficiency and the ability to work as part of a team
Have a passion for Cyber Security