Job Description
What part will you play?
The Director is responsible for strategy and day-to-day activities of the Defensive Security Operations Center and Counter Threat Unit. The Center's purpose is to serve as the company's first line of defense against cyber security threats. The Director will have a management team reporting to him/her in areas including Security Operations and Monitoring, Security Incident Response, Red Team, Threat Hunting, and Threat Intelligence.
What will you be doing?
• Oversee the development and implementation of the company's Defensive Security Operations Center and Counter Threat Unit, designed to detect, contain and remediate risk from cybersecurity events
• Build and develop new programs, including a Red Team, a Threat Intelligence program, and Threat Hunting capabilities
• Manage and evolve the internal Security Operations Center to detect and respond to attacks
• Enhance the operational efficiency and effectiveness of existing security tools
• Oversee the implementation and management of key security tools, partnerships and processes used to manage the company's day-to-day cybersecurity risk
• Key tools include vulnerability management software, SIEM tools, Intrusion Detection data analytics, endpoint detection and response (EDR) platform, anti-malware/anti-exploitation, and forensics software
• Key partnerships include the company's managed security monitoring and security incident response partner
• The team is responsible for assessing and prioritizing risks and coordinating remediation with relevant development or operations groups
• Create and develop "red team" capabilities focused on using ethical hacking techniques to identify key threats and vulnerabilities within the company
• Other duties as assigned
What do we require from you?
• 10-12 years Information Security management experience
• 10-15 years of technology experience
• 3-5 years in either Security Operations or Incident Response
• Deep technical comprehension of Intrusion Detection, Network Packets, and Host Forensics (Windows / Linux)
• Deep understanding of Cloud services (Infrastructure as a Service) and investigations within those services, including the intricacies of shared services models
• Familiar with active threats and threat actors
• Familiarity with SIEM, logging, monitoring, and investigation tools
• Versed in forensic investigation techniques
• Able to translate attacker TTPs into actionable detection and response capabilities
• Programming, network security, application security experience
• Ability to multi-task, present to executive staff members, and maintain decorum in high-pressure situations
• Excellent written and verbal communication skills
• Experience leading large, complex projects
• Ability to analyze complex events using data from multiple sources
• Ability to lead and organize complex remediation efforts
• Ability to manage and collaborate with highly technical teams