Director of information technology security job description

Updated March 14, 2024

Example director of information technology security requirements on a job description

Director of information technology security requirements can be divided into technical requirements and required soft skills. The lists below show the most common requirements included in director of information technology security job postings.
Sample director of information technology security requirements
  • Extensive experience in IT Security
  • Advanced knowledge of network security protocols
  • Proficient in risk management strategies
  • Proficient in security compliance and auditing
  • Familiarity with firewalls and intrusion prevention systems
Sample required director of information technology security soft skills
  • Excellent communication and networking skills
  • Ability to lead and mentor a security team
  • Strong problem-solving and decision-making abilities
  • Attention to detail and accuracy
  • Adaptability to changing environments and technologies

Director of information technology security job description example 1

Bausch + Lomb director of information technology security job description

The Director, IT - Security Operations will lead and operate our Enterprise Security Operations Center, which includes internal employees and Managed Service Providers. This role will be accountable for ensuring our ability to efficiently and effectively detect, analyze, and respond to the organization's information security threats. As a key member of the IT Security leadership team, this role brings current knowledge and future vision to support the evolution of our core security operations and leading the improved adoption of new practices and capabilities to mature our overall cybersecurity posture.
This role is hybrid based with three days in office at our HQ location in Bridgewater, NJ.

* Develop strong working relationships with support teams, management, and cross functional working groups.
* Ensure appropriate governance over Managed Service Providers
* Provide appropriate inputs to the problem management process while supporting other team members in processes and techniques used to manage significant incidents.
* Provide oversight of the 24x7x365 Security Operations Center (SOC) and Security working teams to support security monitoring, protection, and delivery of security services for the organization.
* Own responsibility for continued/active communication and escalation channels between various teams and working groups within the organization, and with external vendors or security service providers.
* Identify SOC and Incident Response processes and standards across the organization.
* Own the critical process steps - detection, validation, containment, remediation, and communication - for security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
* Drive strategy for Security Incident and Event Management (SIEM) and oversee the effectiveness of the technology and process. Involve appropriate tuning, correlation of critical logs, connection to incident response process, and reporting of relevant metrics.
* Member of the Security Incident Response Team (SIRT) by responding to critical security incidents and leading escalation teams with response, containment and remediation.
* Provide guidance to develop, maintain and promote a set of security operations playbooks with internal IT teams and external working groups to effectively trigger and execute the security incident response process.
* Propose new standards, tools, policies and procedures to improve security, compliance and risk management activities based on security operations findings, or security events or incidents.
* Report status on activities, issues, projects, etc. to senior management, including the effectiveness and efficiency of security activities.
* Collaborate with IT teams and security colleagues to ensure audit readiness, and to prepare for internal and external audits.

Qualifications

* 10 years of experience in Security Monitoring / Incident Response.
* Experience managing and leading a Security Operations team.
* Advanced understanding of the information security threat landscape. Should be up to date on current attacker tools, techniques, and procedures.
* Ability to quickly and effectively investigate security incidents, perform root cause analysis, and document findings.
* Understanding of frameworks and standards, such as SANS Institute Critical Security Controls, ISO/IEC 27001/2, COBIT 5, NIST, OWASP, and Risk Management Frameworks, as well as Privacy Act and other rules and regulations.
* Understanding of cybersecurity principles such as encryption, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, application security, network security, etc.
* Experience in penetration testing, threat intelligence and detection of incidents / network monitoring.
* Understanding of existing and emerging technologies.
* Experience of being a member of Cyber Incident Response teams (as a member and leader).

Education and Experience

* Bachelor's Degree in Information Technology, Computer Science, Security or equivalent educational or professional experience and/or qualifications.
* Security certifications such as CISSP, CISM, CEH, Security+ or equivalent certifications a plus.

Director of information technology security job description example 2

L3Harris director of information technology security job description

L3Harris is searching for a talented entry-level Information Systems Security support professional to join the L3Harris Security Operations Team. This is a Level E Support Information Systems Security (ISS) position that is staffed onsite in the Security Operations Control Center (SOCC).
Essential Functions:

+ Must be able to work in a fast-paced ever-changing environment.

+ Responsible for tier 2 security configuration troubleshooting.

+ Applies baseline security configurations to network equipment.

+ Completes password change management on a variety of different network devices.

+ Supports maintenance requests by collaborating with onsite technicians, troubleshooting and testing of configurations.

+ Maintains currency of security threat prevention tools including updates and signatures.

+ Maintains wiki work reference library and ensures articles are up-to-date and accurate.

+ Collaborates with security engineering to assist in device configuration updates and troubleshooting of security equipment.

+ Supports end user troubleshooting of account issues, remote connectivity capabilities, and VPN connections.

+ Provides on-call support when escalation is required or as required by customer.

+ Provides subject matter expertise, on-the-job training, and training materials for junior analysts.

+ Completes monthly metrics collection and analysis of security team effectiveness.

Qualifications:

+ Requires a High School Diploma or equivalent and a minimum of 10 years of prior relevant experience or 2 years post-Secondary/Associates Degree with a minimum of 6 years of prior related experience.

+ Functional knowledge of Cisco routers and switches and CLI configurations.

+ Must have strong written and oral communication skills, be self-motivated and a self-starter, maintain a curiosity and desire to learn, and be able to work well in a team environment.

+ Ability to obtain and maintain a public trust clearance.

L3Harris Technologies is proud to be an Affirmative Action/Equal Opportunity Employer. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state or local laws. L3Harris maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks, where permitted by law.

Director of information technology security job description example 3

MetroPlus director of information technology security job description

About NYC Health + Hospitals

MetroPlus Health provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products, including, but not limited to, New York State Medicaid Managed Care, Medicare, Child Health Plus, Exchange, Partnership in Care, MetroPlus Gold, Essential Plan, etc. As a wholly-owned subsidiary of NYC Health + Hospitals, the largest public health system in the United States, MetroPlus Health network includes over 27,000 primary care providers, specialists and participating clinics. For more than 30 years, MetroPlus Health has been committed to building strong relationships with its members and providers to enable New Yorkers to live their healthiest life.

Position Overview
Plans, organizes, and manages the operations security solution to obtain established goals and objectives. Oversees operation of Security Operations and Incident Response team. Establishes and manages activities of security incident monitoring and response processes. Monitors Security Information Event Management (SIEM) alerts and other security related technologies. Provides leadership for the execution of response containment, remediation, and recovery activities.

Job Description
  • Analyzes events from the Security Information Event Management (SIEM) technology; creates custom rules and builds new use-cases to strengthen security event detection and correlation. Monitors and analyzes security events from other various security tools and technologies (e.g. IPS/IDS, antivirus/malware, firewall, data loss prevention, zero-day malware detection, Active Directory etc.) to identify potential incidents, network intrusions, and malware events.
  • Analyzes and correlates incident event data to develop preliminary root cause and corrective action plans.
  • Manages first level triage security forensics activities on potentially compromised systems and unauthorized changes to production configurations.
  • Maintains knowledge of latest cyber-attack strategies and recommends protective measures.
  • Investigates suspicious network and endpoint activity. Manages "Chain-of-Custody" for all evidence collected during security investigations.
  • Maintains processes for managing escalations and notifications to key stakeholders and management during security incidents.
  • Collaborates with colleagues and key stakeholders, ensures security monitoring alarms conform with security strategy and threat landscape.
  • Analyzes, recommends and implements monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments.
  • Maintains security and operational efficiency metrics through comprehensive reporting, including ad-hoc requests, historical/trend reporting, self-auditing and tracking capabilities.
  • Updates dashboards communicating active security threats and issues on the production network.
  • Builds efficiencies in incident tracking and incident handling via automation.
  • Maintains current with new developments in security industry including alerts, bugs, vulnerabilities and viruses. Evaluates and reports on their potential business impact.
  • Performs vulnerability testing, risk analyses and security assessments.
  • Develops and produces status reports of tactical incident response operations constructed from discovered or reported issues.
  • Engages Security Incident Response Team (SIRT) and related resources for effective detection, analysis, and containment of attacks.
  • Assembles, evaluates, and implements performance and effectiveness metrics.
  • Processes change requests requiring IT Security approval, and reviews and processes requests for security policy exceptions.
  • Participates and represents IT Security Team in the Change Advisory Board.
  • Performs related duties, as required.
Minimum Qualifications
  • Bachelor's Degree in Business Administration, Computer Science or related technology field.
  • Minimum of five (5) years progressively responsible security incident response and technical forensics investigation experience.
  • Strong decision making, analytical, problem solving, interpersonal and communications skills and ability to work with all levels of management.
  • Demonstrated expert level skills in security incident monitoring and response practices.

Preferred

  • Incident handling forensics skills including knowledge of common probing/attack methods, network/service discovery, system assessment, viruses and other forms of malware is highly desirable.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, preferred.

Zippia Research Team
Zippia Team

Editorial Staff

The Zippia Research Team has spent countless hours reviewing resumes, job postings, and government data to determine what goes into getting a job in each phase of life. Professional writers and data scientists comprise the Zippia Research Team.