Manager, Cyber Operations

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Coordination and service delivery for internal and external customers
• Ensure appropriate governance is maintained across all areas of the Service (team lead, incident management, service delivery, change management, continual improvement, customer satisfaction and, operations availability and maintenance provision)
• Lead onboarding requests to ensure a successful transition to operations for security monitoring services
• Lead all aspects of onboarding new identities and environments, communicating with collaborators, the operation of the protect service and its continuous improvement
• Supervise overall performance of the services delivery team, identifying areas of improvement, efficiency, expansion or enhancement
• Ensure the cyber operations services (people and technologies) continues to operate
• Coordinate with regional and product cyber operations teams for innovative improvements to our global cyber operations business
• Support business and product owners as the subject matter expert (SME) for cyber operations services
• Lead and support the North America team on cyber operations services
• Lead the tactical weekly meeting, monthly customer management meeting, and support the quarterly executive meetings
• Capture business and product team requirements and recommend pragmatic solutions
• Provide technical guidance to cyber operations team technical analysis
• Be the point of escalation for cyber operations analysts in support of cybersecurity investigations
• Lead the Incident Response coordination and provide guidance and oversight on incident resolution and containment techniques. Carry out first responder actions, triaging and containing breaches
• Lead threat-hunting activities, looking for anomalies
• Ingest, analyze and contextualize data and turn that into intelligence for threat assessment and risk management
• Contribute to the creation, updating and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that affect diverse platforms or business units
• Create quality control of reports, deliverables and playbooks in order provide clear guidelines for staff on operational procedures during incidents/critical issues
• Ensure security and compliance of cyber operations infrastructure
• Lead and support continuous improvement, tune SIEM, SOAR use cases, and assist in maintaining the cyber operations platform
• Lead technical workshops, and presentations of findings
• Lead the design, implementation, improvement, and maintenance of the cyber operations platform (SIEM, log management systems, correlation engine, EDR, and SOAR)
• Provide guidance and expertise supporting one or various Cloud infrastructure (Azure, AWS, GCP)
• Stay up-to-date with the latest Cybersecurity trends, news and threat landscapes, IoT, Big Data, Cloud Security, and Digital Transformation
• Train, coach and mentor the cybersecurity team 

Qualifications

• Bachelor degree in engineering, computer science, cybersecurity or related IT fields or job experience equivalent
• Minimum of eight years of relevant experience
• Proven experience leading SOC teams and environments
• Over five years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Solid background in System/Network Architecture, and Cybersecurity consulting
• Experience in building and assessing a secure infrastructure, Security Operation Centre, and Cloud infrastructure is an asset
• Currently holding one or more Cybersecurity industry recognized certifications: ISACA, ISC2, GIAC SANS, CompTIA, Offensive-Security
• Proficient with NIST Cybersecurity Framework (CSF), Cyber Kill Chain, MITRE ATT&CK and d3fend
• Proven experience in building SOC infrastructure, SIEM technologies, processes, playbooks, correlation rules, and incident reports
• Experience in Cloud infrastructure and Cloud security monitoring
• Experience in DevOps technologies like, containers, kubernetes, CI/CD pipeline
• Experience as a SOC technical lead or SOC manager
• Experience in designing secure architecture and workflows
• Experience working in a SOC environment (Internal or MSSP), supervising enterprise environments, and Operation Technology (OT)
• Experience working on a critical operations team
• Solid understanding of numerous of operating systems, from the latest to legacy Windows, UNIX. Embedded OS, platforms is a plus
• Solid understanding of security incident management, malware management and vulnerability management processes
• Security monitoring experience with one or more SIEM technologies
• Experience building, integrating, and maintaining SOAR platform
• Knowledge of networking: TCP/IP, WAN, LAN, VLAN, MPLS, VPN, firewalls, switches, proxy
• Knowledge of system infrastructure: Unix/Linux OS, LDAP, DNS, DHCP, SMTP, NTP, associated anti-virus/EDR
• Motivated to continuously improve skills through training and mentoring
• Strong written communication and presentation skills
• Adaptable and able to work independently
• Problem solver, negotiator and consensus builder