Cyber Security Operations Director
| | |
|---|---|
| Location | New York City, NY |
| Job ID Number | SFG 7018020802 |
Duties and tasks to be performed include, but are not limited to:
- Identify, respond, and mitigate sophisticated threats to MAF and coordinate efforts with portfolio companies.
- Conduct incident response activities, including advanced investigation (forensic, malware analyses, root cause analysis etc.) to investigate potential intrusions and develop remediation guidance.
- Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production downtime.
- Maintain a professional communicative relationship with clients and management to provide information throughout the incident, problem, and change management cycles.
- Coordinate and drive efforts among multiple business units with the companies during response activities and post-mortem.
- Proactively monitor internal and external-facing environments using security capabilities.
- Provide timely, comprehensive and accurate information to MAF and portfolio company leadership in both written and verbal communications.
- Proactively research and monitor security-related information sources to aid in the identification of threats to MAF and portfolio networks, systems and intellectual property.
- Lead and mentor other staff members on incident response, analysis and tools.
- Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats.
- Develop threat awareness and education briefings.
- Maintain technical proficiency in the use of tools, techniques and countermeasures.
- Maintain professional knowledge of trends in computer and network vulnerabilities and exploits.
- Be responsible for the development and ongoing reporting of program metrics.
- Participate in the production of cohesive technical intelligence reports.
- On call and after hours work can be expected.
- BA/BS degree in Information Technology or Information Security, Computer Science, Intelligence analysis, Cyber Security or another related field of study.
- Overall 10+ years of professional experience, with 7+ years in Cyber Security Operations.
- Candidates must have knowledge of cyber terminology, tools, and concepts.
- Expert technical skills proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, malware (malware communication, installation, malware types), computer network defense operations (proxy, firewall, IDS/IPS, router/switch, open source information collection).
- Unix/Linux background & work experience.
- Experience with and knowledge of cyber incidents and APT intrusion sets.
- Demonstrated experience with information security tools (SIEM, FPC, signature development).
- Demonstrated experience with networking, system administration, architectures and security elements.
- Must be able to identify and interpret logs from various servers and services such as firewalls, web servers, SQL databases, and applications.
- The candidate should have the ability to build intrusion-related data visualizations and perform analysis (e.g., using i2 Analyst's Notebook, Maltego).
- Effective communication skills (both written and verbal).
- Demonstrated excellent customer service and teaming skills.
- Experience researching and tracking APT campaigns.
- Conceptual understanding of the Cyber Kill Chain, Intelligence Driven Defense and/or Diamond modeling of cyber threat activity.
- Experience working with and managing service providers.
- Malware / reverse engineering experience.
- Enterprise incident handling experience.
- Forensic analysis experience.
- Programming and scripting experience; should be comfortable with regular expressions.
- Advanced proficiency in network analysis and using network security tools.
- Experience with architectures and security elements.
- Proven accountable, dependable and reliable work ethic.
- SANS GIAC GCIH/GCFA, CISSP.
- Experience with the following technologies:
  - Windows, Mac, Linux, AIX
  - Palo Alto Firewalls
  - Microsoft Office 365 SPE Security Suite
  - CrowdStrike Falcon or similar EDR
  - Nexpose and Metasploit
US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor any candidates at this time.