Job Description

Senior Manager - Cybersecurity Detection

The Senior Manager - Cybersecurity Detection is responsible for the day-to-day management and support of Detection Analysts as they respond to threats, possible incidents, and during events. Their leadership expertise guides the analyst team to streamline the use of tools, processes and procedures appropriate to the detection of both internal and external threats against Enterprise infrastructure and information. This role provides escalation support to their team of Analysts, especially in sensitive cases that can exist between non-Cyber IT and/or while interacting with internal & external individuals involved in the scope of the investigation to ensure minimal impact to business operations. The SM-Cybersecurity Detection ensures the collection of the data discovered as well as the processes used by Analysts during their investigations for both reporting requirements and refinement of detection procedures.

Key Job Functions:

• Lead a team of Analysts as they investigate possible threats to determine credibility, impact and severity
• Ensure the monitoring of information security data sources to maintain organizational situational awareness
• Act as a point of contact for Analysts and employees reporting possible issues
• Advise appropriate leadership of changes affecting the organization's cybersecurity posture
• Ensure the collection and maintenance of data needed to meet reporting requirements
• Prepare reports and presentations as necessary on immediate issues as well as analytics for review
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning threat detection
• Manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk
• Mentor Cybersecurity Detection staff to grow the next generation of professionals by providing training and advice to less experienced team members, as well as encouraging team members to research and schedule training
• Stay ahead of emerging threats, the cyber landscape, and changes in security detection products and processes through self-study, by leveraging available courses in-house and externally, and attending appropriate conferences
• Collaborate with the Cyber Threat Intelligence team to integrate threat intelligence into detection and enrichment
• Ensure the Security Operations Center (SOC) runs smoothly and efficiently, managing day-to-day activities and incident response
• Develop and execute long-term strategies for enhancing SOC capabilities
• Lead the response to security incidents, coordinating with various teams to mitigate threats and minimize impact

Education and/or Experience and Qualifications:

• Bachelor's or Master's degree in computer science, Information Security, or a related field
• A minimum of ten (10) years of related business experience (Defensive Security operations and management)
• Relevant certifications (e.g., CISSP, CISM, CISA, GSEC, GIAC)
• Strong communication and interpersonal skills (verbal and written) with a focus on managing the interface between technical-oriented employees, non-Cyber departments, and leadership
• Direct experience in investigations, prioritizing and managing a variety of cyber incidents
• Proven experience facilitating critical incident investigation with a diverse team of responders
• Requires knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches
• Advanced experience with security monitoring tools and techniques as well as security detection and protection frameworks
• Advanced understanding of Cryptography, authentication, and access control as well as general & specific malware and malware behavior
• Advanced understanding of network protocols and security technologies (Firewalls, IDS/IPS) a plus
• In-depth knowledge of compliance frameworks (NIST, ISO 27001) a plus
• Experience with Cloud security and DevSecOps practices
• Experience in custom queries, searches, data models, creating correlated alerts, and dashboards

Job Tags

Similar Jobs