Phishing Simulation Program Lead – Data Security Team

About The Position

Requirements

• Degree or equivalent work experience equally preferable.
• Bachelor’s degree in Information Technology, Cyber Security, Computer Science or related discipline
• Minimum of at least one certification in a related security domain such as CISSP, GCIA, GSEC, CISM, EnCE, CEH, GCFA, GCFE, ISSMP, SANS GSEC, or GCIH required
• Experience working in global, complex, matrix-managed organization
• Experience in either : • Incident Response and Forensic Investigations work • Threat and vulnerability management • Cybersecurity Operations or Information Security
• Information security experience in the following areas: IT security, incident handling and response, exploit analysis, intelligence gathering, digital forensics methods and procedures
• Experience across the following technical concentrations: • -Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN) • -Anomaly Detection and Investigation • -Host and Network Forensics • -Operating Systems • -Web Applications and Traffic
• Experienced with EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open-source forensic tools
• Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.
• Experience with patch management solutions
• Experience with project management and leading complex projects.
• Security experience in all phases of product and service development lifecycle including architecture, design, development, testing, release, and operational maintenance.
• Experience with cloud computing security, network, operating system, database, application, and mobile device security
• Familiar with forensic security tools
• Knowledge of Information Assurance concepts and technologies
• Ability to document and explain technical details in a concise, understandable manner
• Extensive knowledge of vulnerability management and remediation.
• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.
• Detailed knowledge and experience in security and regulatory frameworks (ISO 27001, NIST 800 series, FFIEC, SOC2, FedRAMP, STAR, etc.)
• Expertise in numerous security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
• Writing skills that present both a business and technical viewpoint
• Knowledge of threat hunting techniques, the intelligence cycle, and analysis methodologies
• Understanding of cyber threat actors, advanced cyber threats, and the “kill chain” methodology
• Understanding of back-channels typically used by actors for malicious activity
• Understanding of how to successfully access networks anonymously, obfuscation techniques and best practices for ensuring device non-attribution
• Understanding of vulnerability scanning and reporting
• Understanding of security event and incident handling
• Understanding of ethical hacking tools and techniques
• Familiarity with MITRE ATT&CK
• Understanding of network infrastructure (including firewalls), web proxy and/or email architecture - particularly as they apply in a mitigating control functionality
• Ability to act independently, prioritizing and organizing day to day tasks and needs as appropriate
• Demonstrates leadership
• Communicates effectively
• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills
• Operates strategically to support a culture of continuous improvement and systems thinking
• Makes sound business decisions in a complex work environment
• Collaborates with other business functions and divisions to advance business objectives
• Is flexible, decisive, and able to establish support from leadership
• Monitors industry trends and best practices and applies insights to advance the business
• Exhibits and fosters optimism, resilience, flexibility, and openness to others' ideas
• Inspires innovation and values learning as a lifelong professional objective
• Leads by example, engaging inclusively and with intent
• Always acts with integrity
• Iterative problem-solving
• Serving as a trusted advisor

Nice To Haves

• Experience working within the Financial Services Industry preferred
• Experience directly related to development and support of cyber threat intelligence services, providing threat monitoring, assessment and communication of potential and current information security risk and threats (preferable in the financial services industry)
• Previous government/military experience with threat intelligence preferred
• Experience with threat intelligence and SOC/CIRT interaction
• Experience with SIEM big data technology
• Splunk experience is highly preferred
• Experience with threat intelligence vendors
• Experience with EDR technologies
• Experience using the third-party cyber threat intelligence platforms

Responsibilities

• Assigns job titles and duties for handling computer and network incidents to specific individuals and document management personnel who will support the incident handling process
• Implements processes to contain the impact and spread of an attack or incident, and restoring related business/IT services
• Develops procedures to allow for personnel to report anomalous events to the incident handling team. Defines the mechanisms for such reporting, and the kind of information that should be included in the incident notification
• Reviews the execution of incident response plans and makes necessary adjustments based on effectiveness of response efforts and ultimate impact to the business
• Develops metrics to track incident response SLAs to determine if IR process is operating as designed
• Preserves forensic evidence to share with law enforcement and third-party forensic firms
• Works with Legal and 2nd line to implement data retention policies
• Establishes alert thresholds to determine when to convene the CIRT and investigate incidents
• Establishes voluntary information sharing with external stakeholders to achieve broader security situational awareness
• Assists with internal or third-party employee investigations
• Mentors/guides team of analysts
• Researches evolving IR and Forensic techniques and tools in support of incident response efforts
• Manages the vulnerability scanning process and document a prioritized list of the most critical vulnerabilities along with the risk scores
• Subscribes to a vulnerability intelligence service to stay aware of emerging exposures, and use the information gained from this subscription to update the organization's vulnerability scanning activities
• Produces threat intelligence reports (FS-ISAC, DHS, etc.) which identify relevant upcoming and ongoing threats to the enterprise
• Uses the reports make decisions and changes to the risk and threat posture and control environment
• Risk-rates vulnerabilities based on the exploitability and potential impact of the vulnerability, and segmented by appropriate groups of assets
• Measures the delay in patching new vulnerabilities and ensure compliance with Service Level Agreements (SLAs)
• Tracks and reports vulnerability remediation progress
• Performs vulnerability analysis and generate reports for stakeholders to remediate, and briefs senior management on critical vulnerabilities
• Performs Policy compliance scanning to identify when IT assets violate security requirements and policy
• Researches evolving threats, techniques, and tools in support of vulnerability and patch management efforts
• Provide strategic direction to the CSOC functional team. Assist CSOC Director with the creation of team strategy, goals, and organizational objectives
• Manage a team of CSOC analysts responsible for real time monitoring and management of security incidents. Assist in the career development and training of CSOC analysts and engineers
• Along with CSOC Management team, review and update event and incident thresholds and when to invoke the Computer Incident Response Team (CIRT) based on changes to the company's risk and threat environment
• Regularly review the effectiveness of the team’s standard processes, procedures, and workflow to ensure successful identification, protection, and detection of cybersecurity events or incidents
• Act as an escalation point for CSOC analysts when a potential incident occurs. Assist with review and triage of issues to confirm correct owner
• Serve as a CSOC Subject Matter Expert in communications and interactions with different business units
• Develop business case and cost justifications for the acquisition of new tools and technology. Serve as a sponsor during the project implementation
• Lead interactions with Information Sharing associations to share threat and event intelligence and build into monitoring tools and Intrusion Detection/Prevention systems
• Maintain familiarity with industry trends and current security practices
• THREAT INTELLIGENCE ROLE SPECIFIC:
• Daily threat intelligence monitoring through open and closed sources
• Provide day to day analysis of threats that have the potential to impact the company and its affiliates
• Evaluate data sources for consideration in the improvement and expansion of the threat intelligence program
• Responsible for day-to-day tactical/operational support and escalation of threat intelligence events
• Present key trends and analysis to peer teams and executive management
• Produce key metrics and reports that help to promote the value of threat intelligence
• Respond to computer security incidents in compliance with industry best practices
• Perform basic network security analysis in support of intrusion detection operations, including the development and enrichment of indicators used to enhance the network security posture
• Contribute to a team of cyber threat intelligence analysts to analyze threat data, write reports, brief event details to leadership, and coordinate remediation activities across multiple organizations
• Analyze the potential impact of new threats and exploits and communicate risks to relevant business units and leadership.
• Provide cyber risk and threat identification by proactively and continuously monitoring the internal and external landscape for relevant events, risks, and threats related to the cyber landscape
• Provide enterprise threat analysis by reviewing potential and current threats based upon a defined and repeatable threat analysis methodology
• Provide finished intelligence products/communications to key groups and the enterprise regarding potential threats and remediation efforts - including the ability to develop write-ups that provide effective analysis and actionable intelligence based on relevant security events
• Exceptional time management is required to balance strategic and operational support needs in day-to-day activities