SANS ISC InfoSec Jobs: Director, Cyber Security Operations Infrastructure (Newark, NJ)
Director, Cyber Security Operations Infrastructure
Company Prudential Financial
Location Newark, NJ
Preferred GIAC Certifications GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, or GPEN
Travel 10%
Salary Not provided
URL https://wd5.myworkdaysite.com/en-US/recruiting/pru/Careers/job/Newark-NJ-USA/Director--Cyber-Security-Operations-Infrastructure_R-105555
Contact Name Send resume copy to
Contact Email abessette/at/sans.org
Expires 2022-03-20

Job Description

Prudential’s Global Technology (GT) team is the spark that ignites the power of Prudential for our customers and employees worldwide. Our organization plays a critical and highly visible role in delivering customer-driven solutions across every area of the company. The Global Technology team is made up of diverse, agile-thinking, and highly skilled professionals; we use our combined capabilities to enable the organization with innovation, speed, agility, scalability, and efficiency.

The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join the Global Technology organization at Prudential, you’ll unlock a challenging and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

The Cyber Security Operations Center (CSOC), which serves as the first line of cyber defense for the company within the Information Security Office (ISO) of Prudential, is looking for a talented Director, Cyber Security Operations Center (CSOC) Infrastructure, to lead the team of engineers that supports the CSOC. The Prudential CSOC Infrastructure Team onboards new technologies into the CSOC operational model, leads use case development, is responsible for SOAR initiatives, and designs cyber threat intelligence operationalization for the CSOC, among other CSOC support functions. The Director, Cyber Security Operations Center (CSOC) Infrastructure Team will provide guidance and direction to engineers on various sub teams to develop integrations, correlations, processes, and SIEM content to better protect the environment. Candidates for this role are expected to be very capable cyber defense engineers with a background in defensive Cyber Operations and SIEM tooling. The CSOC, and the larger ISO, are dynamic teams that look for self-motivated talent; that is, the CSOC will embrace and leverage the background and skill sets the candidate brings to the table to better the overall organization. Candidates would use their background in networking, operating systems, and security tools/knowledge not only to advance the capabilities of the CSOC, but also to assist the CSOC Threat Analyst team when questions arise or additional context is required for analysis. Besides the more traditional SOC engineering/use case development, the candidate will have opportunities to become involved in providing feedback to improve the configuration of the tools/products used by the CSOC to better the defensive operations of Prudential as a whole. By joining the Prudential CSOC, the candidate will have the opportunity to lead a rapidly evolving team, with the opportunity and expectation to provide their input, as a thought leader, towards the direction of the organization.

Candidates will be working under an experienced management team that has collectively over 25 years of InfoSec experience and has lived the life of an analyst as well as that of the Director, Cyber Security Operations Center (CSOC) Infrastructure Team. Additionally, Prudential believes in keeping up and expanding the technical and soft skills of our CSOC team members as they progress.

Expectations:

Manage the CSOC Infrastructure team to design playbooks for analyzing potential security incidents as well as developing Incident Response procedures to help the Threat Analysts determine the impact/scope of an incident, with the expectation that the candidate can serve as an escalation point if questions arise from the Threat Analyst team.

Directly responsible for a team of CSOC Infrastructure Engineers, their associated project work, direction, integrations, collaborations, and environmental improvements, while also functioning as an individual contributor on initiatives.

Integrate, enhance, and build processes around Cyber Threat Intelligence for the CSOC Threat Analyst team.

Interface with technical and non-technical personnel within other teams in the ISO, management, as well as the larger organization, including the BUs, as required to improve the security posture of Prudential. Clear, concise, and technically accurate communication skills are critical for this position.

Create, maintain, and update CSOC use case documentation/version control including SPL, code, processes, and escalation/containment procedures.

Appropriately inform/advise the CSOC Leadership and ISO management on use case coverage of potential attacks/risks and the status of current controls, including conversations with Audit and Risk.

Participate in and coordinate knowledge sharing within the CSOC to ensure the team has the context they need to defend Prudential, as well as develop solutions/use cases/detections efficiently.

Manage the engineers and project work of the various sub teams within the CSOC Infrastructure Team (e.g., the Endpoint, Cloud, Database, Phantom, Resilient, Splunk, and Intel sub teams).

Lead the following initiatives, working with the sub team leads on the CSOC Infrastructure team: manage/perform data onboarding into our logging and SIEM platform, manage/perform new use case development on the onboarded data, further the integration of SOAR technologies into the CSOC workflows/processes, further integrate cyber threat intel into the CSOC, and enhance/maintain/support the malware lab to facilitate analysis by the CSOC Threat Analyst team.

Interface/coordinate with the advanced use case development being performed by the Hunting team, partner with High Tech Investigation Unit (HTIU) incident responders to develop new use cases based on investigations, understand new security technologies being brought into Prudential by the ISO, and work with the SMEs within the CTO organization to improve the security of various systems.

Work very closely with the Director of the CSOC Threat Analyst Team, as well as the leader over both the Infrastructure and Analyst teams to jointly set the direction for the CSOC as a whole.

Manage the instruction/training of the CSOC Threat Analyst Team when new use cases are created, and field the Threat Analyst team's questions on new use cases or deviations from existing ones.

Function as the primary stakeholder and point of accountability of the CSOC Infrastructure Team.

Work closely with the High Technology Investigations Unit and Hunting team to develop new use cases, ensure coverage of attack signatures and the Tactics, Techniques, and Procedures (TTPs) associated with advanced threats, and remediate security issues found in the environment.

Qualifications:

Bachelor's degree in Information Technology, Information Security, Computer Science, or a related discipline; OR 5+ years equivalent direct work-related experience in lieu of a degree.

5+ years of experience in a corporate IT environment in addition to a degree.

5+ years of solid, diverse work experience in the Information Security industry.

3+ years working in the higher tiers of a SOC/SIC/CSOC, in a leadership role in a SOC/SIC/CSOC, and/or in a CSOC-related engineering role, preferably including incident response/analysis work.

The candidate is expected to have an extensive background in leveraging Splunk (ES & Phantom), Cloud technologies, Endpoint/Server technologies, and Incident Response ticketing (IBM Resilient) in a Security Operations environment.

Although not directly responsible for the Threat Analysis team, the candidate must have worked closely with a Cyber Operations team and must demonstrate competence as an Analyst as well as in Incident Response, as the best use cases and process documentation are developed by someone who has lived the life of an Analyst/Responder.

Prior experience managing a team of engineers in a Cyber Security context is preferred, including in-depth knowledge of cyber incident ticketing, tracking, and metrics generation.

Deep understanding of IT Security practices/programs as well as networking, endpoint, cloud, server, *nix, and Windows concepts/tools.

Previously demonstrated experience with industry-standard cyber defensive tooling, advanced problem-solving and analytical skills, documentation/process development, malware analysis concepts and methods, the Cyber Kill Chain, the MITRE ATT&CK Framework, Cyber Threat Intelligence, and an understanding of the life cycle of network/endpoint attacks and methods of exploitation.

Motivated self-starter with strong written and verbal communication skills, and the ability to articulate/document complex technical scenarios and analytic findings while providing briefings to various levels of staff and management.

Team player who can work with GT members and businesses around the world in different time zones and with diverse cultural backgrounds, while being respectful of local customs.

Demonstrated passion about the information security field and cyber defense, including commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.

Windows (PowerShell, etc.) and UNIX/Linux command-line scripting (Bash, Python, etc.) experience. Additional programming experience is a plus, especially Python, preferably including prior automation experience in a SOC setting.

IT Security certification beyond intro-level certifications (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.).

Previously demonstrated ability to navigate high-pressure situations while being the accountable decision maker.

Deep knowledge of the Splunk Security Stack is a huge plus. Candidates lacking prior exposure to the Splunk Security Stack must have demonstrated experience with another comparable SIEM and SOAR tool.

Previous exposure to Agile working methodology and/or working with JIRA a plus.