Manager, Security Operations | 24248
Reports to: Senior Manager, Security Operations
ServiceNow is building a global 24x7 incident response team, with people located in North America, APJ and EMEA. ServiceNow is looking to expand and mature the team in Australia to help cover its rapidly growing operations. The manager of the security operations team in Sydney will be responsible for managing and leading the existing team located there, increasing the capabilities and maturity of the Sydney team, recruiting and hiring new staff, performing relevant administrative tasks, and overseeing monitoring, detection and response to security incidents within that team's area of responsibility.
The Incident Response personnel investigate, analyze and manage response activities related to computer security incidents and data acquisition efforts within ServiceNow. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information, and supporting evidence or artifacts collection related to a security incident or event.
The manager will be expected to manage and coach the response team members to ensure that responses to cyber security incidents are performed consistently, adequately, and in a timely manner, to train and develop the response team members, and to bring thought leadership to ServiceNow in an effort to continuously improve incident response and security operations overall. Additionally, the manager will coordinate response to significant incidents, assist with identifying information security risks and gaps, and assist with developing recommendations and plans to address those risks and gaps.
The team based in Sydney is part of a larger global security operations team which monitors, detects, and responds to threats, analyzes threat intelligence, hunts for threats and is a key element of ServiceNow’s defense posture.
Periodically, the manager will be called upon to handle incident escalations, interface and collaborate with other managers within ServiceNow, and respond to priority situations in a timely manner, and may be required to brief executive level management.
Key Responsibilities Include:
Act as the primary escalation point for cyber security incidents within your area of responsibility, coordinating activity as needed and escalating when appropriate
Provide leadership to the security incident response team, act as a coach for incident responders and provide overall management of the team
Assess incident scope and impact
Prepare formal reports on incident findings
Act as a first responder for cyber security incidents as needed
Technical security leader responsible for monitoring of a global SaaS platform
Driver of the organization’s security incident response program and all associated processes
Measure and track KPIs and security incident response metrics
Responsible for hiring and retaining skilled security professionals
Utilize extensive technology resources to protect a massive multi-national datacenter production network
Instrument security monitoring technologies and alerting
Manage the team performing real-time computer security Incident Handling including forensic collections, intrusion correlation, threat analysis, and direct system remediation tasks to support Incident Response Teams (IRT)
Manage the team performing computer security incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerabilities, and making recommendations that enable remediation
Serve as a technical expert and liaise with other internal investigative and legal groups by providing support in reviewing forensic analysis, reports, and data and collaborate with other teams within ServiceNow
Manage the team performing analysis of logs from a variety of sources within the enterprise, to include individual host logs, network traffic logs, firewall logs, and intrusion detection system logs
Track and document security incidents from initial detection through final resolution including documenting requests and activities in case management system
Coordinate with and provide expert technical support to resolve computer security incidents working with other information security specialists to correlate threat assessment data, as needed
Document new and update current program procedures providing guidance and reports on incident findings to appropriate constituencies
In order to be successful in this role, we need someone who has:
Prior experience managing a security incident response team
Advanced understanding of Security Operations Center and Security Incident Response Team protocols and procedures
Ability to author clear and concise incident reports
Ability to work independently without direction for day-to-day activities
Ability to analyze and understand technical information
Ability to successfully interact with other managers and stakeholders
Manage resource scheduling within the time zone to meet SLAs and ensure critical security incident handling coverage
Demonstrate strategic and tactical thinking, quantitative and analytical skills, while under pressure
Familiarity with general information security concepts and practices
Familiarity with change and incident management concepts and processes
Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment.
Significant knowledge of security incident response processes and the ability to document and manage these processes
Strong communication skills with the ability to develop and maintain productive relationships across multiple teams in ServiceNow’s SaaS and corporate environments
Experience gathering and actioning threat intelligence data
Background working with data logging applications (SIEM)
Knowledge of internet security protocols and technologies.
The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.
Familiarity with intrusion detection systems and tools.
Knowledge of attack vectors, threat tactics and attacker techniques.
Understanding of Windows and Linux operating systems
Deep network and application security monitoring expertise preferably in a SaaS or multi-tenant computing environment
GSEC, GCIH, CEH, or GCIA certifications are a plus
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or firstname.lastname@example.org for assistance.