IT - Security Operation Manager
We are looking for a Senior Security Operations Manager - Head of Blue Team who
can build and maintain sound security operations and incident
response teams to rapidly counter cyber criminals who are looking to
attack us. A strong technical background, such as prior cybersecurity
experience, is a requirement for this position. The right candidate must
thrive in high-pressure situations, think like both an attacker and a
defender, and drive security teams to take the right actions in the
right time frames to mitigate risks.
You will join a dynamic and fast-paced environment and work with cross-functional teams to design, build and roll-out products that deliver the company’s vision and strategy.
Lead and develop our ACB Cybersecurity Blue Team.
Monitor, manage, and secure ACB's systems, networks, and applications.
Tune rules, filters and policies for detection-related security technologies to improve accuracy and visibility.
Recommend how to optimize security monitoring tools based on threat hunting discoveries.
Review asset discovery and vulnerability management data. Explore ways, using the latest threat intelligence, to identify stealthy threats that may have found their way inside the network.
Manage and develop a multi-vendor / consultant network as well as leverage existing cybersecurity solutions to ensure appropriate solutions are in place.
Identify, track and investigate high priority threat campaigns and malicious actors
Escalate incidents, when necessary, based on ACB’s processes
Supervise the activity of the ACB Cybersecurity Blue Team. Recruit, hire, train, and assess the staff.
Manage the escalation process and review incident reports.
Measure SOC performance metrics and communicate the value of security operations to business leaders.
Confidently and intelligently respond to security incidents, and put measures in place to prevent the same type of incident from recurring.
Design and coordinate cohesive responses to security events that involve multiple teams across the organization.
Evaluate the impact to our organization of current security trends, advisories, publications, and academic research.
Cultivate and maintain effective relationships with relevant external entities, such as government and law enforcement agencies, regulatory agencies, and private sector counterparts.
Work effectively with site leadership and other stakeholders such as the Engineering Team, Finance, IT, OP, and Legal to address security requirements and any potential concerns.
Assist the IT, OP and Engineering teams with security systems technology integration, design, and implementation.
Partner with internal Risk Steering Committee to enhance programs supporting our operations.
8+ years of experience in Security Operations, Threat Hunting or Incident Response required
3+ years of experience managing people and setting objectives and KPIs with deadlines for them.
Ability to communicate effectively across all levels of our organization
Strong understanding of cyber threats, risk management and information security in the domains of TTPs, threat actors, campaigns, observables and mitigation.
Strong experience in incident response, running a SOC, and standing up security operations architecture for visibility, detection, containment and mitigation controls.
Has working experience with enterprise Security Information and Event Management (SIEM) tools and log management tools. Preferably, the candidate has basic knowledge of and experience in use case management.
Has working experience with Endpoint Detection and Response (EDR) tools.
Has fundamental knowledge of and experience in host and network forensics.
Has basic knowledge of security technologies such as firewalls, secure web and email gateways, Intrusion Detection and Prevention Systems (IDPS), application control, sandboxing, etc.
Has working experience with Security Orchestration, Automation and Response (SOAR) solutions.
This can be a stressful, pressure-packed job. We need you to be flexible, adaptable and down-to-earth and an expert in multi-tasking.
Strong problem-solving skills and willingness to roll up one’s sleeves to get the job done.
GIAC certifications, OSCP, or OSCE are a plus.
Startup experience a plus.
Has a high degree of curiosity, especially with regard to incident investigation and response. The candidate is not quick to make assumptions, but rather looks deeply and analyses extensively in order to find hidden connections.
Thinks and acts creatively and is not restricted to standard solutions.
Is a good team player who enjoys working with others and exchanging knowledge and information. In addition, the candidate must be willing and able to work extended hours alone during night shifts.
Has a critical mindset, speaks up, and challenges processes, ideas, etc., with the intention of improving the work and the team.
Constantly works on improving knowledge of cyber security and other business fields.
Knowledge of penetration testing, red teaming, and threat hunting will be an advantage.
Understanding of the MITRE ATT&CK framework and the Cyber Kill Chain will be an advantage.
Experience with endpoint detection and response tooling (e.g. GRR, osquery, Sysmon), YARA rules, and Volatility will be an advantage.
Knowledge of compliance regimes such as SBV and PCI DSS is advantageous.
Strong scripting skills (Python, Go, PowerShell) will be an advantage.
Work experience within a multicultural environment would be beneficial