Overview

The Manager, Cybersecurity Incident Response & Threat Management is responsible for overseeing a team of skilled Incident Response engineers and cybersecurity analysts to ensure early and accurate detection, response, containment and recovery from cyber threats directed at M Health Fairview. This role reports to the Director of Cybersecurity, helping build the strategy and roadmap and execute on targeted plans to accomplish digital transformation. As a security practitioner and lead technical subject matter resource, the ideal candidate possesses deep security knowledge and expertise in threat detection, threat hunting and vulnerability management, with advanced analytical skills for reviewing IOBs/IOCs and preparing targeted remediation plans where necessary. The successful candidate will lead analysis, investigation and response to potential breaches involving any technology used today: mobile devices, laptops and workstations, servers, network switches, IoT devices, or cloud-based accounts and infrastructure. The Manager will continually augment and strengthen their own Digital Forensics and Incident Response skill set while helping develop the skills of the entire Incident Response team.

Responsibilities/Job Description

The Manager, Cybersecurity Incident Response & Threat Management has key responsibilities that include the following:
- Lead and serve as a mentor for the internal Threat Hunting, Incident Response and Forensics team, actively improving our capabilities.
- Partner with Cyber Security Operations Center and Engineering groups to improve operations, detection, response and recovery.
- Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high priority or complex incidents.
- Drive continuous refinement and improvement of incident response processes, playbooks and Standard Operating Procedures (SOPs).
- Grow and mature the Threat Intelligence Program and the applicability of detected threats to drive actionable intelligence.
- Identify gaps in visibility and detection methodologies. Regularly evaluate current log quality and content development strategies, identify new data sources to enrich logs and new threat detection logic.
- Provide incident metrics to other Cybersecurity and business leadership.
- Build and maintain relationships with M Health Fairview IT and business stakeholders.
- Build and maintain relationships with local law enforcement and cyber defense authorities.
- Build and maintain relationships with key vendors.
- Participate in internal and/or external audits as required.
- Assist in developing and enhancing the Cybersecurity strategy and roadmap.
- Collaborate with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/application testing and other detection and security tools.
- Manage security tools and associated professional service contracts and deliver capabilities.
- Partner with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring and threat defense.
- Contribute to the execution of Cyber Security operations, incident response and investigations spanning all functions of the Cybersecurity organization.
Qualifications

Required Education
- Bachelor's degree in Computer Science, Engineering or associated fields, OR a combination of relevant education/experience.

Experience
- 12+ years of experience in IT and associated fields, with a minimum of 8 years in the Information Security area.
- 3+ years of experience leading Cybersecurity Operations, threat hunting, incident response, digital and/or network forensics, and threat and vulnerability management functions.
- Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
- Demonstrated ability to lead technical teams and strategic projects.
- Development of incident response and operations processes and playbooks.
- Understanding of common security tools, instrumentation and detection methodologies (EDR, SIEM, IDS/IPS, proxies, etc.).
- Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.).
- Understanding of the tools and techniques used by attackers to breach networks, server systems, cloud workloads or applications.
- Exposure to the Zero Trust security approach and its methods.
- Demonstrated understanding of security-related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and host intrusion detection and prevention, Data Loss Prevention, data security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, application security, etc.
- Diverse technical background and exposure to enterprise networking, firewall, storage options, server infrastructure, operating systems, application development, database technologies, and desktop operating systems and cybersecurity.
- Excellent ability to communicate effectively, both verbally and in writing, with all levels within the organization.
- Ability to influence through outstanding interpersonal, collaboration and negotiation skills, in both in-person and remote work environments.
- Ability to deliver on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints.
Preferred Education
- Bachelor's or higher degree in Computer Science, Cybersecurity, Engineering or associated field.

Experience
- 15 years of experience in Cybersecurity and infrastructure management areas.
- 5 years of experience managing people and delivering large information security programs.
- Experience working in the healthcare services industry or other highly regulated and/or compliance oriented environments.
- Experience leading RED/BLUE/PURPLE teams.
- Managing delivery of security programs using strategic and global teams.

License/Certification/Registration
- Industry certifications such as CISSP, CISM, GCFE, GCIH, CCE, EnCE or an equivalent digital forensics / incident response certification.