10 days old
2018-04-162018-05-14

Security Operations Lead

Philadelphia, PA 19104
  • Job Code
    614695
  • Payrate
    $125,000 To $130,000

The Security Operations Lead is a key member of the technology team who coordinates IT security operations, monitoring and response and takes a leadership role with the Computer Security Incident Response Team (CSIRT). This role is responsible for the programs that continuously monitor the IT environment for security events, and detect and respond to security incidents that may occur.


The Security Operations Lead coordinates monitoring for, investigation and response to and reporting on Information Security threats, vulnerabilities, events and incidents that could impact the Firm's technical or business operations. This role also manages documentation and tracking of security incidents, waivers, exceptions, vulnerabilities, and remediation efforts.


Job Description


The successful candidate:



  • is capable of leading highly complex technical analyses of and responses to security threats and incidents, while also coordinating with IT and Firm leadership, third-party resources (e.g., MSSP and/or forensic firms), and IT subject matter experts; and
  • is qualified to help develop and mature the Firm's current incident response program, driving short and long-term program objectives, and coordinating with technical resources from a variety of IT teams to ensure efficient and effective response and remediation; and
  • is passionate about keeping the Firm's global technology environment safe, reliable and secure.


ESSENTIAL JOB FUNCTIONS:



  • Design and manage IT Security monitoring and response programs, including:


    • security event monitoring and incident response
    • incident-related communications
    • ongoing development of the CSIRT and the Incident Response Plan
    • threat management, vulnerability management and remediation
    • forensics, investigations and management of digital evidence
    • IR-related awareness activities, including training for CSIRT roles and periodic tabletop and other "drill" activities
    • post-incident functions, including root-cause analysis as well as implementation of lessons learned and ongoing improvement of the program
    • design and delivery of training appropriate to various CSIRT roles

  • Select, implement and manage tools to support monitoring and response functions, including SIEM, vulnerability management and security event output from numerous security controls and other event sources (e.g., web filter, endpoint security tools).
  • Maintain the Incident Response Plan, associated processes and procedures, incident records and other related documentation.
  • Provide input to incident response staffing. Supervise SOC staff and/or MSSP provider relationship as appropriate.
  • Provide input to Information Security strategy, roadmap, and governance functions, based on issues identified during incident monitoring and response.
  • Occasional evening and weekend hours, based on incident activity and escalations.
  • Other duties as assigned.


QUALIFICATIONS:



  • 7-10 years of relevant experience.
  • Experience responding to various security threats including phishing and other social engineering attacks, malware, advanced persistent threats (APT), denial of service (DoS), etc.
  • Strong technical security background, including: network/perimeter security; host security; security incident and event monitoring (SIEM); vulnerability assessment; intrusion detection and response; encryption; and internet content monitoring/filtering.
  • Understanding of hacker methodologies and techniques, system vulnerabilities and common indicators of compromise, penetration testing and threat hunting techniques.
  • Understanding of core security technologies like anti-malware, authentication, encryption, and DLP. Working knowledge of network and security protocols including TCP/IP, SMTP, FTP, SSH, TLS, SSL, HTTP, IPSec and other VPN protocols.
  • Working knowledge and understanding of key technologies including Microsoft Windows platforms, network routing and switching concepts, UNIX, and Linux platforms.
  • Demonstrated personal integrity, ability to handle confidential matters professionally and with discretion. Sound judgment and decision-making commensurate with the position and its responsibilities.
  • Strong written and verbal communications skills. Ability to explain deeply technical concepts to non-technical audiences.
  • Excellent time management skills to effectively manage multiple and sometimes competing priorities. Ability to work calmly under pressure.
  • Strong analytical, process and troubleshooting skills.
  • The desire, commitment and ability to be a team player. Ability to manage expectations, align different points of view and gain consensus.
  • Experience managing a small team and/or vendor relationships (e.g., MSSP) is a plus.
  • Security related certification is a plus, e.g., CISSP, SANS GSEC, SANS GCIH, or similar.
  • Bachelor's degree or equivalent experience preferred.

Categories

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Security Operations Lead

Randstad Technologies
Philadelphia, PA 19104

Share this job

Security Operations Lead

Randstad Technologies
Philadelphia, PA
US

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast