Cyber Security Manager
Posted on Mar 5, 2020 by Request Technology
A prestigious company is on the search for a Cyber Security Manager. This role will manage people and provide technical direction over the Cyber Security Threat Detection function. This person will lead a team of security analysts with responsibility for threat analysis, advanced threat detection, development of correlation logic in the SIEM tool (Splunk), and help the team with event monitoring, incident response, threat intelligence, and forensic analysis. This person should have experience with designing and implementing use cases in a SIEM tool such as Splunk, ArcSight, QRadar, etc. Splunk is the preferred tool.
- Develop domain expertise across the breadth of the program and drive strategic design of Threat Detection workflows.
- Apply critical thinking to understand new and emerging threats, working with the Cyber Threat Intelligence and Threat Modeling teams, and then build and execute the required action plan.
- Execute a data detection strategy based on the MITRE ATT&CK Framework. Analyze threat information from multiple sources, synthesize and place threat intelligence in context, and use it to develop new security alerts in the SIEM tool to address new and emerging threats.
- Continually identify, evaluate and monitor threats that could affect operational and business activities.
- Manage processes and logic required for effective Threat Detection.
- Manage and support development of Security Operations playbooks to ensure threat detection, monitoring, response & forensics activities align with best practices, minimize gaps in detection & response and provide comprehensive mitigation of threats.
- Lead day-to-day operations and manage a team of Security Analysts who deliver Cybersecurity's scaled threat detection, assessment and mitigation efforts.
- Lead broad initiatives, plan and track delivery deadlines, and oversee tactical delivery of improvements to Cybersecurity's threat management processes.
- Provide technical leadership to your team on upkeep, tuning and enhancement of the SIEM tool (Splunk background preferred).
- Manage and execute processes responsible for the advanced analysis of security threats (malicious code, intrusion logging, etc.) to proactively develop detection for such threats.
- Participate in the review and documentation of requirements for analysing the specific threats to assist in development of new use cases to detect, report, log, track, and escalate security events.
- Routinely brief and update senior leadership and other stakeholders on the threat detection program and manage escalations.
- At least 8 years of Information Security or related experience.
- At least 3 years of experience with building and leading high performing Information Security teams in complex environments.
- At least 3 years of Information Security experience especially developing advanced threat detection capabilities.
- Demonstrated experience with designing and implementing use cases in a SIEM tool such as Splunk (preferred), ArcSight, QRadar, etc.
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection).
- Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
- Relevant security knowledge and experience in two of the following areas: threat response, Security event monitoring, incident response, network/host intrusion detection, malware analysis.
- Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations etc.
- Strong knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases).
- Bachelor's degree in Computer Science, Information Technology, Cyber Security related field or equivalent work experience.
- CISSP or CISM certification. Other relevant security certifications will be considered such as GIAC, GCIH, CEH, CSA+ certifications.
- Experience working in a Security Operations Center (SOC) environment is preferred.