With direction from senior Information Security leadership and using independent judgment and discretion, this position manages the day-to-day activities associated with the Security Operations Center, the relevant security logging and monitoring tooling, and incident response handling. The incumbent will work closely with technology and business leadership to ensure appropriate incident response activities are performed to manage and address detected threats.
REPORTING STRUCTURE & WORK SETTING
This position typically performs work in a company office and reports to a senior leader with responsibility for the organization’s Information Security program.
PRIMARY FUNCTIONS AND SKILLSET
- Manage the day-to-day operations of a 24x7 Security Operations Center team (~2-5 team members), augmented with a co-managed SIEM service provider, to identify and respond to new and emerging threats. Tasks include:
- Analyze, communicate, investigate, and report information security incidents including formal documentation, incident tracking, resolution activities, and future improvement opportunities to help mitigate future threats.
- Coordinate and oversee logging configuration and data ingestion into the central log aggregation engine (SIEM) so that it provides a single point for monitoring and alerting on suspicious or unusual activity affecting company systems. Recommend and enumerate defense improvements based on observed activity, common threat patterns, and opportunities to improve controls. Defend websites, applications, databases, servers (on premises and cloud), networks, desktops, and other endpoints.
- Develop and advance the SOC capabilities over a short-term and long-term roadmap that focuses on Threat Intelligence, Threat Hunting, Indicators of Compromise, and Data Enrichment.
- Align practices to industry benchmarks and frameworks (e.g., NIST, SANS, ISO).
- Continuously update and improve response processes and procedures based on process review. Recommend new capabilities to help with threat identification, response, and prevention, including the automation of response.
- Serve as the focal point for engagement between the Security Operations Center, business units, service providers (e.g., internal and external), and potential suppliers.
- Execute and facilitate information security incident testing and table-top exercises to meet control requirements.
- As a member of the Information Security leadership team, provide thought-leadership and insight into the Information Security Vision and Strategy, as well as providing guidance on capability assessment and future investment.
- Establish plans and protocols for protecting digital files and information systems against unauthorized access, modification, and/or destruction, preserving chain of custody for purposes of digital forensics.
- Minimum of 5 years' experience in information technology, including a minimum of 3-4 years of information security administration experience. Experience in an ASP environment is preferred.
SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:
- Strong working knowledge of information security practices in an ASP environment and a strong technical knowledge of networked information services and infrastructure components is required.
- Excellent oral and written communication skills are required to assist in the development of information security policies and programs and to relay technical information to non-technical stakeholders. Incumbents must have the ability and skill to effectively present technical information to such audiences.
- Must be proficient in using business and communications software (preferably Word, Excel, PowerPoint, common Windows operating systems, and Outlook). Must have an extensive working knowledge and understanding of PCs and various software applications, especially those involving information security activities, including but not limited to: firewall, VPN, and wireless security technologies; cloud, hybrid, and on-premises infrastructure deployments; host- and network-based intrusion detection and prevention systems; encryption technologies (AES, RSA) and API security; virtualization technologies; Unix/Linux server, Windows Server, and desktop operating systems; and Windows Active Directory, Kerberos, and LDAP.
TRAVEL REQUIREMENTS & CONDITIONS
Travel in this role is limited (0%-10%). Travel to field offices and off-site locations may occur on occasion. Trips may span 2-5 days and are determined by business needs.
Knowledge of computer science and/or information technology as normally obtained through a Bachelor's Degree in Business, Computer Science, or a closely related field of study. MBA or relevant Master's Degree preferred.
A Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) designation is preferred.