Director, Threat Management

NorthAB LLC
Remote
Match Resume

About The Position

Director, Threat Management North- Remote, US What you'll be doing: Oversee the monitoring of security events and incidents to ensure timely detection, analysis, and response to ensure fraud and financial losses are prevented. Develop and lead Threat Hunting and Detection Engineering functions to implement proactive threat hunting and detection strategies that identify and mitigate potential threats to the payments ecosystem that could lead to financial or other losses. Develop and lead a Cyber Threat Intelligence function to identify and report on emerging threats and trends in the financial and payments industry. Develop and maintain Incident Response plans including playbooks and escalation procedures for fraud and financial crime scenarios. Conduct post-incident analysis (root cause analysis), oversee forensic investigations, and collaborate with various teams for a coordinated response and continuous improvement on the risk posture of North to prevent financial loss Lead tabletop exercises with senior management and executive leadership teams related to cyber risk and fraud. Provide leadership and direction to the team: Set clear goals, expectations, and priorities, ensuring alignment with overall company objectives. Foster a positive, collaborative, and results-driven team environment. Manage team performance and development: Oversee day-to-day activities, provide regular coaching and feedback, conduct performance reviews, identify training needs, and support career growth opportunities for team members. What we need from you: Bachelor's degree in Computer Science, Cyber Security or related field. 10+ years of experience in Cybersecurity or related fields. (Threat Hunting, Malware Research, Red Teaming) Hands-on experience is critical for understanding the complexities and challenges of managing security incidents, hunting and detection across different environments. Strong background in cybersecurity domains including: Vulnerability exploitation detection; Malware identification and Reverse Engineering; security content and signature development Experience conducting hunts or incident response across networks, endpoints, cloud and application environments. Demonstrated ability to interpret and write automated scripts and programming code to support detection efforts. Working knowledge of TTPs used for EDR evasion, vulnerability and zero-day exploitation investigations (network, endpoint, application level). Proficiency and hands-on experience with Incident Response tools, protocols, and analysis techniques is crucial; including knowledge of: Endpoint Detection and Response (EDR) tools; Network and memory forensics; Deep understanding of network protocols and network traffic analysis; familiarity with packet capture analysis; Experience with log and SIEM analysis to detect malicious activity; Proficiency in cloud platforms and their security tools and the ability to handle close-specific events and incidents; How Artificial Intelligence (AI) and Machine Learning (ML) are used in threat detection and response. Ability to create detailed and clear incident reports for technical and non-technical stakeholders. Must have a deep understanding of cybersecurity principles, including knowledge of threats, vulnerabilities, and risk management. Should be familiar with various types of attacks, such as credential stuffing, ransomware, malware, phishing, and DDoS attacks, and how to respond to them. A thorough understanding of incident response procedures is crucial. This includes knowledge of how to identify an incident, assess its impact, contain it, eradicate the threat, recover from it, and conduct a post-incident lessons learned review. Knowledge of digital forensics to investigate security incidents. This includes understanding how to preserve evidence, analyze system logs, and conduct root cause analysis. Experience in identifying and leveraging cyber threat intelligence resources (reports, TTPs, IOCs, YARA rules, etc.) for response, detection and hunt. Knowledge of and practical experience with Kill Chain, Diamond and MITRE ATT&CK frameworks. Familiarity with developing and implementing disaster recovery plans to ensure business continuity in the event of a security breach is beneficial.

Requirements

  • Bachelor's degree in Computer Science, Cyber Security or related field.
  • 10+ years of experience in Cybersecurity or related fields. (Threat Hunting, Malware Research, Red Teaming)
  • Hands-on experience is critical for understanding the complexities and challenges of managing security incidents, hunting and detection across different environments.
  • Strong background in cybersecurity domains including: Vulnerability exploitation detection; Malware identification and Reverse Engineering; security content and signature development
  • Experience conducting hunts or incident response across networks, endpoints, cloud and application environments.
  • Demonstrated ability to interpret and write automated scripts and programming code to support detection efforts.
  • Working knowledge of TTPs used for EDR evasion, vulnerability and zero-day exploitation investigations (network, endpoint, application level).
  • Proficiency and hands-on experience with Incident Response tools, protocols, and analysis techniques is crucial; including knowledge of: Endpoint Detection and Response (EDR) tools; Network and memory forensics; Deep understanding of network protocols and network traffic analysis; familiarity with packet capture analysis;
  • Experience with log and SIEM analysis to detect malicious activity;
  • Proficiency in cloud platforms and their security tools and the ability to handle close-specific events and incidents;
  • How Artificial Intelligence (AI) and Machine Learning (ML) are used in threat detection and response.
  • Ability to create detailed and clear incident reports for technical and non-technical stakeholders.
  • Must have a deep understanding of cybersecurity principles, including knowledge of threats, vulnerabilities, and risk management.
  • Should be familiar with various types of attacks, such as credential stuffing, ransomware, malware, phishing, and DDoS attacks, and how to respond to them.
  • A thorough understanding of incident response procedures is crucial. This includes knowledge of how to identify an incident, assess its impact, contain it, eradicate the threat, recover from it, and conduct a post-incident lessons learned review.
  • Knowledge of digital forensics to investigate security incidents. This includes understanding how to preserve evidence, analyze system logs, and conduct root cause analysis.
  • Experience in identifying and leveraging cyber threat intelligence resources (reports, TTPs, IOCs, YARA rules, etc.) for response, detection and hunt.
  • Knowledge of and practical experience with Kill Chain, Diamond and MITRE ATT&CK frameworks.

Nice To Haves

  • Familiarity with developing and implementing disaster recovery plans to ensure business continuity in the event of a security breach is beneficial.
  • Certifications such as GDAT, GCIH, GPEN, GCTI.

Responsibilities

  • Oversee the monitoring of security events and incidents to ensure timely detection, analysis, and response to ensure fraud and financial losses are prevented.
  • Develop and lead Threat Hunting and Detection Engineering functions to implement proactive threat hunting and detection strategies that identify and mitigate potential threats to the payments ecosystem that could lead to financial or other losses.
  • Develop and lead a Cyber Threat Intelligence function to identify and report on emerging threats and trends in the financial and payments industry.
  • Develop and maintain Incident Response plans including playbooks and escalation procedures for fraud and financial crime scenarios.
  • Conduct post-incident analysis (root cause analysis), oversee forensic investigations, and collaborate with various teams for a coordinated response and continuous improvement on the risk posture of North to prevent financial loss
  • Lead tabletop exercises with senior management and executive leadership teams related to cyber risk and fraud.
  • Provide leadership and direction to the team: Set clear goals, expectations, and priorities, ensuring alignment with overall company objectives.
  • Foster a positive, collaborative, and results-driven team environment.
  • Manage team performance and development: Oversee day-to-day activities, provide regular coaching and feedback, conduct performance reviews, identify training needs, and support career growth opportunities for team members.

Benefits

  • Medical, Dental, & Vision Coverage
  • Flexible Paid Time Off
  • 401(k) + Match
  • Mental Health Support & Well-Being Program
  • Paid Maternity & Paternity Leave
  • Education Assistance
  • Company-funded Lifestyle Spending Account

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Director

Job Search Resources

Similar Director, Threat Management job opportunities

Threat Management Analyst
Minuteman Security Technologies Inc
Minuteman Security Technologies Inc • Rahway, NJ2d • Onsite
Threat Management Analyst
Minuteman Security Technologies
Minuteman Security Technologies • Rahway, NJ1d • Onsite
Director, Cyber Security Operations and Threat Management
Jazwares, LLC
Jazwares, LLC • Plantation, FL4d
Director, Cyber Security Operations and Threat Management
Jazwares Careers
Jazwares Careers • Plantation, FL3d
Manager, Information Security Threat Management
Cottage Health
Cottage Health • Santa Barbara, CA11d
Incident, Threat, and Change Management Team Lead
ELLKAY, LLC
ELLKAY, LLC3d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service