Job Description:

15+ years overall experience in IT Security
CISSP or equivalent certification or experience
10+ years incident response handling
5+ years staff planning and budget handling
5+ years overall IT security program management
Ability to assess, triage, and investigate potential threats, leading teams, assigning resources, and using tools to validate and, if necessary, mitigate threats.
Excellent communication skills, 5+ years performing management summaries and executive briefings.
Excellent customer facing skills, able to elicit long range goals, determine immediate concerns, and divine customer priorities and weave them into an evolving service and product portfolio, maintaining the currency and future relevance of IT security service portfolio.
Manage the overall response for IT Security incidents.
Coordinate with 3rd party Vendors of all types.
Coordinate with government entities (including law enforcement) and legal department.
Experience with placing/maintaining data on legal hold, maintaining evidentiary chain-of-custody, and maintaining privilege logs (under legal supervision).
Experience creating and reviewing risk assessments, interpreting threat intelligence, and briefing leadership on risk prioritization and mitigation.
Experience drafting and revising processes and workflows.
Experience determining key performance metrics, their measurement, and their reporting.
Experience ensuring service delivery in compliance with contract objectives and service levels. Experience auditing contract compliance to ensure adherence.
Good written and speaking skills in English
Good listening skills.
Ability to explain processes, security requirements, and IT related risks to non-technical and non-IT security personnel.

Preferred additional value:

Skills and certifications on additional IT security control products
Other IT Security and network technology certifications.
Experience with ServiceNow ticketing and alert generation.
Sales, Sales Engineering, Pre-Sales, or Consulting experience.

Responsibilities include but are not limited to:

Lead the Cyber Security Fusion Center’s team delivering IT Security services to large government entities.
Drive/Guide , customer, and third party teams to take appropriate actions on Security incidents
Assess overall performance against contract and customer expectations, remediate any gaps.
Consolidate and conduct comprehensive analysis of threat data obtained from various sources, prioritize risks, and advise the customer and on the best order and methods to mitigate the risks.
Identify trends , customer, and third parties which may introduce risks into the customer’s IT infrastructure, and take steps to inform applicable stakeholders and remediate the risks.
Meet regularly with customer leadership and stakeholders to ensure that service delivery is within acceptable ranges and that future needs are captured in a timely manner; evolve the mix of security products and services to ensure the CSFC's future relevance.
Coordinate incident management and resolution for security-related incidents or breaches that occur in third-party locations (e.g. data center services or cloud services)
Contain or reduce the impact of security-related incidents or breaches while being resolved, including implementation of workaround solutions
In the event of ongoing security incidents or major vulnerabilities, provide briefings at Customer’s request to discuss a remediation plan, the potential impact on operations, and other key information
Automate the resolution process for certain types of security-related incidents or breaches where possible.
Conduct a Root Cause Analysis and reporting to understand drivers of security-related incidents, vulnerabilities, or breaches, including recommendations for preventative measures and follow-up on any agreed-upon measures.
Disseminate results and recommendations from any Root Cause Analysis to relevant Customer personnel and other Customer Contractors and implement Customer’s recommended solutions
Request 3rd party Service Providers to disseminate results and recommendations from Root Cause Analysis
Provide on-call expertise during incidents as requested and validated by Customer for specific types of incidents
Develop, maintain, and share self-service resolution materials with Infrastructure IT Service Component Provider to support issue resolution at help desk
Perform penetration testing in support of the vulnerability management program, or ad-hoc by customer request, evaluating potential vulnerabilities and preparing a risk analysis report about the testing subject.
Create new Splunk Use Cases, including assisting in evaluation and assessment of risks/controls for new technologies, performing business requirements gathering, scoping discussions, and QA testing
Transition and maintain program or project solutions dealing with Splunk ES (SIEM), monitoring, and response technologies.
Participate in quarterly security tabletop, red team v. blue team exercises, and live training drills of incident run books with Customer staff to facilitate brainstorming, improvement, and creativity in incident response