Job Description:
The Director of Information Security Operations will be the primary lead in building our Security Operations Center (SOC) in partnership with a Managed Security Services engagement, establishing the procedures and staff needed to support this business objective. This role will manage a team of SOC analysts and security engineers, together with an MSSP, in support of 24x7x365 operations.
Responsibilities:
1. Develop the operational and security rules, processes, and procedures in alignment with various groups, including engineering owners, with a keen ability to optimize these processes for automation.
2. Train a global team from the ground up.
3. Create a strong communication process between Security teams and IT operations organizations.
4. Responsible for Security Incident Response and Triage.
5. Primary representative of the SOC in customer-facing interactions.
6. Manage independently while still growing and mentoring managers and staying technically connected.
7. Excellent written and verbal communication skills.
8. Manage the Computer Incident Response Team (CIRT).
9. Partner with other IT Operations managers to align goals and priorities with tools and intelligence analysis.
10. Responsible for developing appropriate shift coverage and procedures to ensure a 24x7 SOC monitors and responds to all security incidents.
11. Ensure response processes integrate seamlessly into the incident management processes.
12. Provide technical and functional mentoring to team members.
* BS degree in Computer Science, IT Management, Cyber Security, or relevant field/technology or equivalent years of experience
* 10 to 15+ years of work experience as manager of a Security Operations Center and/or Managed Security Services Provider
* 5 to 7+ years of progressive experience with increasing responsibilities within a Security Operations environment
* Proven experience in planning, organizing, and developing the strategy for a 24x7x365 SOC/MSSP
* Ability to lead a team, promote and foster collaboration, and be a strong leader in the face of a new and changing environment.
* Experience managing staff in a technical security operations center environment (SOC)
* Experience developing and documenting operational procedures; training operations staff for continuous improvement; generating security metrics and reports
* Excellent communication, writing and interpersonal skills
* Broad information security knowledge, including familiarity with common attack methodologies, tactics and protocols, Advanced Persistent Threat (APT) groups, and hacker activity
* Significant experience in network intrusion detection, including experience using common network monitoring tools (IDS, IPS, SIEM, and syslog)
* Experience with packet capture analysis and common network forensics and analysis tools (Wireshark, Kali, Netcat, tcpdump, and Nmap)
* Experience reviewing and analyzing large amounts of raw log data (firewall, network flows, IDS, system logs)
* Familiarity with incident management procedures
* Possess a strong foundation in networking fundamentals with deeper knowledge of TCP/IP and other core protocols
* Knowledge of common network based services and common client/server applications
* Familiarity with command-line environments in all operating systems
* Excellent problem solving and analytical skills
* Experience managing staff in a mission critical security operations center, preferably 24x7
* Experience with enterprise-level security information and event management (SIEM) tools such as ArcSight, Splunk, or QRadar
* Experience analyzing phishing attacks
* Scripting (Python, Perl or Shell)
* Desired certifications: CISSP, CEH, GIAC, OSCP
* Must have legal right to work in the US
Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share it with them to earn a $1,000 referral bonus.