Randstad Security Operations Lead in Philadelphia, Pennsylvania
Security Operations Lead
salary: $125,000 - $130,000 per year
date posted: Monday, April 16, 2018
The Security Operations Lead is a key member of the technology team who coordinates IT security operations, monitoring and response and takes a leadership role with the Computer Security Incident Response Team (CSIRT). This role is responsible for the programs that continuously monitor the IT environment for security events, and detect and respond to security incidents that may occur.
The Security Operations Lead coordinates monitoring for, investigation of, response to, and reporting on Information Security threats, vulnerabilities, events and incidents that could impact the Firm's technical or business operations. This role also manages documentation and tracking of security incidents, waivers, exceptions, vulnerabilities, and remediation efforts.
The successful candidate:
is capable of leading highly complex technical analyses of and responses to security threats and incidents, while also coordinating with IT and Firm leadership, third-party resources (e.g., MSSP and/or forensic firms), and IT subject matter experts; and
is qualified to help develop and mature the Firm's current incident response program, driving short and long-term program objectives, and coordinating with technical resources from a variety of IT teams to ensure efficient and effective response and remediation; and
is passionate about keeping the Firm's global technology environment safe, reliable and secure.
ESSENTIAL JOB FUNCTIONS:
Design and manage IT Security monitoring and response programs, including:
security event monitoring and incident response
ongoing development of the CSIRT and the Incident Response Plan
threat management, vulnerability management and remediation
forensics, investigations and management of digital evidence
IR-related awareness activities, including training for CSIRT roles and periodic tabletop and other "drill" activities
post-incident functions, including root-cause analysis as well as implementation of lessons learned and ongoing improvement of the program
design and delivery of training appropriate to various CSIRT roles
Select, implement and manage tools to support monitoring and response functions, including SIEM, vulnerability management and security event output from numerous security controls and other event sources (e.g., web filter, endpoint security tools).
Maintain the Incident Response Plan, associated processes and procedures, incident records and other related documentation.
Provide input to incident response staffing. Supervise SOC staff and/or MSSP provider relationship as appropriate.
Provide input to Information Security strategy, roadmap, and governance functions, based on issues identified during incident monitoring and response.
Occasional evening and weekend hours, based on incident activity and escalations.
Other duties as assigned.
7-10 years of relevant experience.
Experience responding to various security threats including phishing and other social engineering attacks, malware, advanced persistent threats (APT), denial of service (DoS), etc.
Strong technical security background, including: network/perimeter security; host security; security incident and event monitoring (SIEM); vulnerability assessment; intrusion detection and response; encryption; and internet content monitoring/filtering.
Understanding of hacker methodologies and techniques, system vulnerabilities and common indicators of compromise, penetration testing and threat hunting techniques.
Understanding of core security technologies like anti-malware, authentication, encryption, and DLP. Working knowledge of network and security protocols including TCP/IP, SMTP, FTP, SSH, TLS, SSL, HTTP, IPSec and other VPN protocols.
Working knowledge and understanding of key technologies including Microsoft Windows platforms, network routing and switching concepts, UNIX, and Linux platforms.
Demonstrated personal integrity and the ability to handle confidential matters professionally and with discretion. Sound judgment and decision-making commensurate with the position and its responsibilities.
Strong written and verbal communications skills. Ability to explain deeply technical concepts to non-technical audiences.
Excellent time management skills to effectively manage multiple and sometimes competing priorities. Ability to work calmly under pressure.
Strong analytical, process and troubleshooting skills.
The desire, commitment and ability to be a team player. Ability to manage expectations, align different points of view and gain consensus.
Experience managing a small team and/or vendor relationships (e.g., MSSP) is a plus.
Security-related certification is a plus, e.g., CISSP, SANS GSEC, SANS GCIH, or similar.
Bachelor's degree or equivalent experience preferred.