Friday, February 24, 2017

Director Security Incident Response Comcast Moorestown

Job Description:
The Director of Incident Response leads the company's enterprise-wide Security Operations practice, which includes the 24x7 Security Fusion Center operations team. IIS, under the guidance of the CISO, is responsible together with its team for comprehensive information and cyber security across both the Enterprise and our Xfinity-branded technology platforms. Responsibilities include day-to-day leadership of a team of security specialists who monitor security events, as well as leadership of the response and remediation activities that minimize overall risk to the business. Excellent communication skills and business acumen are essential.
This open, collaborative and communicative leader will reside within Comcast's Cybersecurity Engineering and Operations organization. In this role, you will be responsible for the proactive cyber-security monitoring and incident response programs. This engaged leader will work collaboratively across the Security Operations disciplines to ensure the intended security posture is continuously monitored in order to identify potential business-impacting issues or active attacks.

Core Responsibilities

Partner with other security organizations and key internal stakeholders to ensure that the security monitoring strategy conforms to the overall security strategy.

Provide guidance and subject-matter expertise on the content and quality of logs across broad technology platforms.

Manage and develop the Security Operations program, strategy, policies and processes; assist in creating and maintaining appropriate security policies and procedures governing data, networks, and application systems.

Analyze, recommend and implement monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments.

Maintain security and operational efficiency metrics through comprehensive reporting, including dynamic data mining, historical reporting, self-auditing and tracking capabilities.

Maintain and update the corporate-wide cyber incident response plan, and manage escalations and notifications to key stakeholders and executive leadership.

Manage first-level triage and security forensics activities on potentially compromised systems and on unauthorized changes to production configurations.

Manage the chain of custody for all evidence collected during security investigations.

Update the Security Response Center Situational Awareness Dashboard, communicating active security threats and issues on the production network.

Build efficiencies in incident tracking and handling via automation.

Lead the development and update of recovery and continuity plans and procedures for the Security Fusion Center.

Keep current with new developments in the security industry including advisories, malware, vulnerabilities and viruses; evaluate and report on their potential business impact.

Stay abreast of industry best practices in risk management techniques and integrate new methods and tools as appropriate.

Provide input to other security disciplines on projects or efforts based on cyber activity or threats encountered by the Security Fusion Center.

Provide security education and awareness activities pertaining to the Operational Security practices of the Security Fusion Center.

Maintain security operations and administration procedures, runbooks or event trees to ensure that daily operations and administration tasks are documented clearly and concisely.

Ability to direct the team and manage simultaneous large/small projects with minimal supervision.

Work with internal teams to continually improve processes used to identify security issues.

Ensure timely, proactive identification and reporting of security gaps and vulnerabilities in the network infrastructure.

Provide coaching and mentoring to security operations people leaders and team members, recommend training as appropriate, and provide guidance and direction to staff related to career planning.

Establish a program to reinforce Security Response Center practices and procedures with existing staff.

Establish and/or maintain department project plans with clear tasks and delivery dates.

Ability to support negotiations on scope of work and to manage work with outside vendors / integrators. This includes SOWs, MSAs and NDAs, along with full financial tracking and definition of business benefits.

Maintain up-to-date knowledge of evolving threats by participating in educational opportunities and conferences, and by reading professional publications.

Foundational knowledge of Security Information and Event Management (SIEM) systems.

Essential Skills:

Ability to direct teams located at multiple locations and to track and manage simultaneous activities.

Ability to facilitate activities, tasks and deliverables of managed services providers.

Possesses strong written and verbal communication skills with both technical and non-technical audiences.

Cool under pressure, objective and diplomatic.

Above average analytical skills.

Able to work collaboratively with minimal supervision as part of a multi-disciplinary team.

Understands when to escalate and can influence without direct authority.

Incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.

Knowledge of confidentiality of information, privacy protection, data security and other information security issues important in a client focused company.

Strong human relations skills to select, develop, mentor, discipline and reward employees.

Must be flexible in work schedule to allow for management of a 24x7 team.

Required Qualifications:

7+ years of experience leading Cyber Security Operations teams utilizing a Security Information and Event Management (SIEM) solution.

Minimum 10 years of experience in monitoring security events and security incident handling.

Minimum 10 years in security incident response and technical forensics investigation.

Minimum 10 years of experience with network-based security mitigation systems or tools.

Firm understanding of security controls and best practices for securing varying platforms (i.e., network, operating system, database and application layers, including web and source code security).

Proven track record managing security focused teams

Demonstrated experience in developing and implementing an operational security strategy in a large, complex environment with successful outcomes.

Must be familiar with best-practice trouble-ticketing procedures.

Proven analytical and problem solving ability

Comfortable with interfacing with other internal or external organizations regarding failure and incident response situations.

Experience in computer security forensics and investigation, including handling the chain of custody of acquired evidence.

Knowledge of large enterprise Backbone Security and IPv6 Security.

Industry-specific certifications, including two or more of the following: C|CISO, CISSP, or ISACA certifications such as CISA and CISM.

Education Level: Bachelor's degree required; Master's preferred

Field of Study: System Engineering, System Development, Cyber Security, Computer Science, Identity Management, Access Management or related field

Certifications: CISSP; CISA, CISM or GIAC preferred

Years' Experience: Generally requires 10+ years related experience. Five or more years in a carrier class Internet Service Provider, preferred.