Manager, Security Operations

Job Description

Manager, Security Operations (Open to remote)

The Manager of IT Security Operations role with Penguin Random House, is for a hands-on technical role which requires good interpersonal and communication skills. Within the role you will be responsible for security related tasks, including the implementation of security operations center, and other operational duties. The responsibilities will vary from managing a team of analysts and working with the engineering and architecture group to provide defense in depth, performing assessments of security posture, making practical recommendations to reduce risks, helping realize change within the organization, and prevention and remediation of security vulnerabilities within cloud and traditional infrastructure using existing or new solutions.

Responsibilities:
• Identify, recommend, and develop capabilities to cover security gaps.
• Assist in enhancing processes and procedures across the environment.
• Act as the technical escalation point for technical issues within the program and work on security projects that will further mature the program.
• Provide direction on industry best practices to ensure the SOC constantly evolves as a Next Generation SOC.
• Apply principles, methods, and knowledge of the functional area to specific task requirements to develop solutions to complex problems.
• Conduct host forensics, network, log analysis, and malware triage in support of incident response investigations.
• Implement the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework for Intelligence Operations.
• Create security controls through ''user stories'' based on NIST SP800 guidance, and industry best practice to mitigate security risk or gaps in the security posture.
• Organize, categorize, and prioritize user stories and provide updates to allow efficient and effective re-use of stories across the enterprise, ensuring they contain testable acceptance criteria, and are documented in a format which is easy to share and explain along with having a clear definition of done.
• Support the design and deployment of incident response security solutions to facilitate a comprehensive defense-in-depth strategy and intrusion defense chain methodology.
• Provide engineering and technical assistance to support vulnerability scans, penetration testing, vulnerability analysis, scan analysis, and security analysis.
• Develop monthly reports that provide operational context on incidents that occur within the environment.

Required Qualifications:
• 5+ years of experience in security operations.
• 2+ years of experience in security incident response.
• 2 years of management experience
• Proficiency in Splunk, searching, alerting, dashboard creation, use case creation and tuning.
• Experience with scripting language such as JavaScript, Python, Perl, Groovy, Rudy, etc. and strong skills writing SPLUNK queries to create complex SPLUNK dashboards.
• Experience implementing the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
• Proficiency in investigating malicious behavior in cloud (AWS and Azure) and on-premise environments.
• Security certifications beneficial but not required.

Jobcode: Reference SBJ-r1oy40-18-189-2-122-42 in your application.