Cybersecurity Manager (SOC-Blue Team)

Defensive - Blue Team | Mettawa, Illinois


Description


DOT Security’s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and provide subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.

DOT Security is seeking a talented team member to fill the role of Cybersecurity Manager for our Security Operations Center (SOC). Candidates will be evaluated on the knowledge and skills they demonstrate during the technical testing and interview process. DOT Security has developed a career progression path that challenges everyone on our team to grow as cybersecurity professionals with solid cybersecurity knowledge and to provide excellent customer service through ongoing detection and response capabilities, in this case as the Manager of the DOT Security - Security Operations Center (SOC).

You will be managing the Blue Team Analysts for DOT Security, ensuring the capabilities of the SOC technology and personnel meet service and client expectations. Lead the transition to a 24x7 SOC to ensure coverage with all levels of required team members. Continue to build a Cybersecurity Analyst team that is able to meet the current and future requirements of Identifying, Detecting, and Responding to cybersecurity threats to our client organizations.

The role of the Cybersecurity Manager (CSM) is challenging and rewarding. It requires business acumen, effective communication, and the ability to handle client satisfaction challenges, develop plans of action, and conduct thorough analysis and investigation of security data through the application of critical thinking and technical skills.

The CSM is not a remote position. The CSM is required to be on-site at the DOT Security Operations Center.


Responsibilities

  • Lead the CSA team and oversee the SOC to ensure the services provided to clients in the monitoring and protection of networks, systems and applications, through technical enforcement of applicable security policies and escalation processes.
  • Manage staffing, supervision, scheduling, development, evaluation, and disciplinary actions.
  • Conduct follow-up meetings on escalated or noteworthy cases; modify SOPs and playbooks based on policies, standards and lessons learned from previous cases; and provide technical oversight for security tool deployment and implementation.
  • Ensure analysts follow existing procedures and all procedures are documented in accordance with local guidelines.
  • Continuously monitor levels of service as well as interpret and prioritize threats through use of intrusion detection systems, firewalls and other boundary protection devices and any security incident management products deployed, as well as mitigate information security risks.
  • Define metrics and KPIs to drive improvements in the SOC.
  • Review potential, successful and unsuccessful intrusion attempts and compromises to identify opportunity of process improvements.
  • Coordinate the shift schedule of the SOC staff within the established employment guidelines by managing regular, holiday, PTO and emergency scheduling.
  • Ensure completion of SOC operational tasks.
  • Keep current with the latest vendor updates, expansion opportunities and technology directions utilized in clients' environments; ensure daily operational processes effectively support SOC operations objectives and that the DOT Management team is aware of any issues or incidents.

Things We Are Looking For

Knowledge
  • Computer networking concepts and protocols, and network security methodologies.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Cybersecurity and privacy principles.
  • Cyber threats and vulnerabilities.
  • Specific operational impacts of cybersecurity lapses.
  • Information technology (IT) architectural concepts and frameworks.
  • Risk management framework (RMF) requirements.
  • Resource management principles and techniques.
  • System life cycle management principles, including software security and usability.
  • The organization's enterprise information technology (IT) goals and objectives.
  • How information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  • MITRE ATT&CK Framework and integration into Security Analysis.
  • The organization's core business/mission processes.
  • Import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  • Supply chain risk management standards, processes, and practices.
  • Functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
  • Risk/threat assessment.
  • Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
  • Import/export regulations related to cryptography and other security technologies.
  • Service management concepts for networks and related standards (e.g., information technology infrastructure library, current version [ITIL]).
  • How to leverage research and development centers, think tanks, academic research, and industry systems.
  • Information technology (IT) acquisition/procurement requirements.
  • The acquisition/procurement life cycle process.
  • Staff management, assignment, and allocation processes.

Skills
  • Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • Translating, tracking, and prioritizing information needs and intelligence collection requirements across the extended enterprise.
  • Using knowledge management technologies.
  • Using network management tools to analyze network traffic patterns (e.g., Simple Network Management Protocol [SNMP]).
  • Using protocol analyzers.
  • Writing code in a currently supported programming language (e.g., Java, C++).
  • Analyzing memory dumps to extract information.
  • Knowledge management, including technical documentation techniques (e.g., Wiki page).
  • Managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
  • Communicating with all levels of the internal and client organizations (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Abilities
  • Understand technology, management, and leadership issues related to organization processes and problem solving.
  • Coordinate with senior leadership of an organization to ensure that the shared responsibility for supporting organizational mission/business functions using external providers of systems, services, and applications receives the needed visibility and is elevated to the appropriate decision-making authorities.
  • Apply supply chain risk management standards.
  • Oversee the development and update of the life cycle cost estimate.
  • Evaluate/ensure the trustworthiness of the supplier and/or product.
  • Ensure security practices are followed throughout the acquisition process.

Other Desired Attributes
  • Minimum of 5 years’ experience working in a Security Operations Center with demonstrated increase of responsibilities.
  • Certifications include, but are not limited to, Network+, Security+, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), or GIAC Reverse Engineering Malware (GREM).
  • Public Trust background check (Limited Requirement)
  • Must be able to do some light lifting.
  • College degrees may substitute for experience: up to two years' experience for a bachelor's degree, four years for a master's degree.

Benefits

  • 20 days of PTO
  • 12+ paid holidays
  • Flexible Sick Day Policy
  • Paid Maternity & Paternity Leave
  • Comprehensive Health, Disability, Life, Dental and Vision Plans
  • 401(K) match & retirement plans
  • Student Loan reimbursement
  • On-going training & development opportunities