Cyber Security Threat Manager
Posted on Feb 13, 2020 by Request Technology - Craig Johnson
Prestigious Enterprise Company is currently seeking a Cyber Security Threat Manager. Candidate will be part of Cybersecurity team and will help fulfil Information Security department's vision of reducing information risk by ensuring and enhancing the availability, reliability and accessibility of our information systems. Candidate will provide people management and technical direction over the Cyber Security Threat Detection function, as well as lead the team responsible for activities ranging across threat analysis, advanced threat detection, development of correlation logic in the SIEM tool (Splunk), and assist in the team's activities ranging across event monitoring, incident response, threat intelligence, and forensic analysis.
- Develop domain expertise across the breadth of the program and drive strategic design of Thereat Detection workflows.
- Apply critical thinking in understanding the new & emerging threats working along with Cyber Threat Intelligence and Threat Modeling team and then build & execute required action plan.
- Execute a data detection strategy based on the MITRE ATT&CK Framework. Analyze threat information from multiple sources, synthesizing and placing threat intelligence information in context and use that in development of new Security alerts in the SIEM tool to address new and emerging threats.
- Continually identify, evaluate and monitor threats that could affect operational and business activities.
- Develop strategies and partner with Business/IT stakeholders to identify and detect security threats.
- Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls and infrastructure to provide automated and proactive threat detection capabilities.
- Manage processes and logic required for effective Threat Detection.
- Manage and support development of Security Operations playbooks to ensure threat detection, monitoring, response & forensics activities align with best practices, minimize gaps in detection & response and provide comprehensive mitigation of threats.
- Lead day-to-day operations and manage a team of Security Analysts who deliver Cybersecurity's scaled threat detection, assessment and mitigation efforts.
- Lead broad initiatives, plan and track delivery deadlines, and oversee tactical delivery of improvements to Cybersecurity's threat management processes.
- Provide technical leadership to your team on upkeep, tuning and enhancement to SIEM tool (Splunk background preferred).
- Manage and execute processes responsible for the advanced analysis of security threats (malicious code, intrusion logging, etc.) to proactively develop detection for such threats.
- Support inquiries from compliance teams such as IT risk management, Internal and External audit, to ensure documentation is complete and in compliance with Information Security policies.
- Participate in the review and documentation of requirements for analysing the specific threats to assist in development of new use cases to detect, report, log, track, and escalate security events.
Communication and Collaboration
- Routinely brief and update senior leadership and other stakeholders on the threat detection program and manage escalations.
- Effectively collaborate within Information Security with teams such as Threat Intel, Monitoring, Incident Response, Forensics etc. as well as external teams in IT and various lines-of-businesses to enable advancement of the security posture.
- Present security analysis, action plan and risks to different audiences and adjust the delivery accordingly (business, technical and management) using either structured presentations or ad-hoc and establish consensus.
- Establish and maintain business relationships with individual contributors as well as management.
- At least 8 years of Information Security or related experience.
- At least 3 years of experience with building and leading high performing Information Security teams in complex environments.
- At least 3 years of Information Security experience especially developing advanced threat detection capabilities.
- Demonstrated experience with designing and implementing use cases in SIEM tool such Splunk(preferred), ArcSight, QRadar, etc.
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection).
- Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
- Relevant security knowledge and experience in two of the following areas: threat response, Security event monitoring, incident response, network/host intrusion detection, malware analysis.
- Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.
- Strong knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
- Bachelor's degree in Computer Science, Information Technology, Cyber Security related field or equivalent work experience.
- CISSP or CISM certification. Other relevant security certifications will be considered such as GIAC, GCIH, CEH, CSA+ certifications.
- Experience working in a Security Operations Center (SOC) environment is preferred.