
Director of Cyber Security Incident Response and Security Operations

Endurance International Group, Burlington, MA

A Company Built to (Em)Power


In this position, your primary responsibility will be the 24x7 operations of the Cyber Security Incident Response Center (CIRC), the Cyber Security Incident Response Team (CSIRT) and the Security Operations Center (SOC). Reporting to the Chief Security and Privacy Officer, you will also be responsible for security incident and event response management, including identification, triage and response to security breaches, and for SOC metrics design and reporting, covering SOC performance, efficiency, capacity and security controls as well as apparent attacks, breaches and other pertinent data for review with stakeholders and executive management. The Director sets department direction, motivates staff to achieve it, and contributes to the strategy and direction of Information Security solution delivery and operationalization.

The Director, Cyber Security Incident Response and Security Operations has strong and demonstrable hands-on expertise in network security monitoring and incident response. He/she will also lead the following areas: predictive monitoring, threat and vulnerability management, threat hunting and cyber security risk assessments. This will be accomplished by pulling together information from a variety of systems and normalizing and correlating that information. The CIRC provides real-time (or near real-time) detection and reaction services for information security incidents within the company. Decision making is one of the most important traits for this role.

In year one (2018) the Director will build capability using an MSSP/MDR co-source model while planning to build in-house from 2019 onwards.

Essential Job Functions and Accountabilities:

  • Perform in-depth network security analysis and work with the SOC analyst team conducting incident response, event analysis, and threat intelligence for the corporate enterprise
  • Provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for the corporate enterprise
  • Analyze data and prepare reports that document vulnerabilities from network-based attacks and recommend actions to prevent, repair or mitigate these vulnerabilities
  • Provide technical mentoring to other team members
  • Establish and create standard operating procedures for a variety of computer network defense (CND) related tasks/positions within the team
  • Provide technical expertise on post-event network security logs and trend analysis
  • Review security events that are detrimental to the overall security posture; analyze and detect sophisticated and nuanced attacks and discern false positives and provide results to management
  • Perform correlation of events from a variety of network, enterprise and host collection sensors
  • Coordinate and liaise with other departments within the company and external auditors with information regarding intrusion events, security incidents, and other threat indications and warnings information
  • Demonstrate both technical acumen and critical thinking abilities
  • Experience with trouble ticketing and change management tools
  • Coordination and escalation of issues to the Incident Response team
  • Provide detection and response to security events and incidents within the Network
  • Web application vulnerability scanning
  • Security log management and monitoring
  • Intrusion detection and prevention systems operations
  • Maintaining information security metrics


Desired Skills/Experience:

  • Security log management
  • Strong analytical, documentation, and communication skills
  • Strong understanding of IDS & IPS technologies
  • Strong understanding of Windows, Linux, OSX
  • Experience with enterprise information security data management tools such as LogRhythm, ArcSight, Splunk, QRadar; etc.
  • Understanding of network traffic analysis
  • Must possess planning, organizational, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
  • Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
  • Able to infuse innovation and creativity to strategic plans.
  • Possess knowledge in the area of emergency/disaster management, physical security, critical incident stress management, risk management and business resiliency
  • Familiar with emergency procedure protocols and regulatory interfaces.
  • Experience in leading a team.
  • Strong analytical, critical thinking and problem-solving skills.
  • Ability to establish and maintain cross-functional and positive working relationships.
  • Proven ability to influence key business partners.
  • Ability to build a strategic vision and drive organizational change.
  • Strong organization and planning skill with the ability to work in and define ambiguity/gray areas.
  • Ability to work under stressful and tight deadlines as well as the ability to manage in a fast-paced environment.
  • Ability to multi-task and discern patterns in details.
  • Think through problems for logical solutions, and remain calm and professional under stress.
  • Strong decision-making ability during both crisis and non-crisis situations.
  • Able to work with highly confidential information.
  • Able to work and communicate effectively with all levels of leadership. Serve as focal technical lead on incident events and incidents.
  • Must be technical, hands-on and also capable of serving as the primary point of contact with senior management
  • Summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
  • Managing the chain of custody for all evidence collected during incidents and security investigations
  • Create a curriculum and conduct in-house training sessions, individualized if needed, for IR staff, to ensure appropriate development of skills and continued innovation as well as facilitating incident management team exercises and events


About Endurance International Group

Founded in 1997, Endurance has grown into an international family of brands that provides small business owners with the tools they need to establish and build their web presence, get found in online search, and connect with customers through social media, email marketing, and more. At the heart of our technology is a commitment to (em)Powering small businesses and ensuring their success online. It’s what drives our 4,000+ employees every day. And it’s what ultimately changes the lives of our 5 million+ customers.

Want to learn more about Endurance International Group? Visit Endurance International Group's website.