Cybersecurity Defense Manager

Aramco Digital Dammam, Saudi Arabia Posted: 04 Jul 2024

Financial

  • Estimate: $120k - $180k*
  • Zero income tax location

Accessibility

  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

About the Job:
The Cybersecurity Defense Manager is responsible for overseeing the third-party provision of SOC for ADC and for managing the organization's cybersecurity incident response governance. The role will lead and ensure the effective detection of, response to, and resolution of security incidents. The role is also responsible for overseeing vulnerability assessments and penetration testing activities to identify and mitigate potential security risks.

The role will oversee different aspects of SOC to protect the company's digital assets from cyberattacks. The role will develop SOC-related governance policies, procedures and response protocols to ensure effective incident management and mitigation. The role will coordinate with executive leadership to communicate security posture and incident trends and to make strategic recommendations.

Responsibilities:

  • Forensics: Oversee the collection and preservation of digital evidence from various sources, including computers, mobile devices, servers, network logs, cloud services, and storage media. Create forensic images or copies of digital storage devices using specialized tools and techniques. Oversee malware analysis and reverse engineering to analyze malicious software, code snippets, and suspicious files recovered during digital forensic investigations. Oversee network traffic analysis and packet capture to investigate security incidents, data breaches, and network intrusions. Provide expert testimony and technical guidance in legal proceedings, court hearings, depositions, and arbitration related to digital evidence and forensic findings.

  • Pen Testing: Coordinate and oversee penetration testing activities to assess the effectiveness of security controls and identify vulnerabilities that could be exploited by attackers. Collaborate with stakeholders to define the scope and objectives of the penetration testing engagement. Conduct threat modeling exercises to identify potential attack vectors, threat actors, and high-risk areas within the organization's infrastructure. Drive the post-exploitation activities to assess the extent of compromise, lateral movement, and persistence within the target environment.

  • Vulnerability Assessment: Conduct regular vulnerability assessments to identify weaknesses and potential security risks in the organization's systems, networks, and applications. Prioritize security vulnerabilities identified through vulnerability scans, penetration tests, and security assessments. Coordinate vulnerability remediation efforts with system administrators, network engineers, and application owners to address identified security weaknesses.

  • Cybersecurity Incident Management - SOC: Coordinate the onboarding exercises for the third-party provision of SOC services. Oversee the third-party provision of a SOC for ADC covering: Monitoring & Detection, Incident Triage and Analysis, Threat Intelligence Analysis, Security Incident Response, Compliance Monitoring and Reporting.

Minimum Qualifications:
Bachelor’s or Master’s degree in computer science, information technology, cybersecurity, or a related field required. At least 15 years of experience working in cybersecurity, with proven experience in cybersecurity operations, incident response, and managing a Security Operations Center (SOC), is essential. At least 4-5 years of experience in leading cybersecurity operations and IR for a mid- to large-size organization, and proven experience in conducting security assessments and incident response, traffic and malware analysis, forensics, analysis of security and infrastructure logs, etc. Professional certifications in cybersecurity are highly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).

About Aramco Digital

Aramco Digital is the digital and technology subsidiary of Saudi Aramco. Committed to driving digital transformation and technological innovation across various sectors, Aramco Digital aims to create a thriving national digital ecosystem and spearhead AI and digital innovation worldwide.