Senior Manager, Information Security - Threat Hunting

TD Bank
Laurel, DE
Feb 15, 2018
Feb 22, 2018
Full Time
Job Description

About This Role

Reporting to the AVP, Threat Intelligence and Analytics, the Senior Manager, Threat Hunting is responsible for leading a team in the detection, disruption, and eradication of threat actors from enterprise networks. The Threat Hunting team will use advanced analytics, threat intelligence, and cutting-edge security technologies to participate in threat-actor-based investigations, create new detection methodologies, and provide subject matter expertise to incident response and monitoring functions. The Senior Manager, Threat Hunting will also directly support the Cyber Security Operations Center and other internal teams by applying analytic and technical skills to investigate intrusions, identify malicious activity, and identify potential insider threats.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:

* Lead threat hunting operations using threat intelligence, analysis of anomalous log data and the results of brainstorming sessions to detect and mitigate threat actors on the network
* Develop advanced methodologies to identify threat actor groups and their associated tools, techniques and procedures
* Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
* Drive the tuning of detection infrastructure with technology teams to identify emerging threats
* Document best practices to enhance analyst playbooks, response procedures, and courses of action
* Support the Cyber Security Operations Center and other internal teams by applying analytic and technical skills to investigate intrusions, identify malicious activity, and identify potential insider threats
* Ensure the team follows internal policies and procedures, technology control standards and applicable regulatory guidelines
* Adhere to, advise on, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
* Grow team expertise so it aligns with company demand and TD's direction; assess team skills and capabilities and find ways to improve the value delivered
* Manage the overall team(s), providing both leadership and guidance
* Set targets and objectives for the team
* Provide coaching, development, succession, recruitment, resource management and overall team leadership for team members; regularly contribute to performance and development plans
* Other duties as assigned
* Driving Requirements: as needed
* Travel Requirements: as needed

Job Requirements

What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:

* University degree
* Information Security certification / accreditation an asset
* 10+ years of relevant experience
* Advanced knowledge of the business and technology standards
* Thought leadership with deep expertise and knowledge of the business and technology standards
* Experience leading, overseeing or managing a team or group(s) of moderate to large size, scope, risk and complexity
* Excellent communication, negotiation and organizational skills, including the ability to present options in business terms to both IT and business staff, including executives

Qualifications

Preferred Qualifications - Here are the preferred qualifications for this role:

* At least 5 years of previous experience working in hunt teams, threat intelligence, incident response, or security operations
* Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application-layer protocols and services (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory, etc.)
* Completion of at least one of the following: GCIA, GPEN, GWAPT, GCIH, GSEC, CCNP, CISSP
* Ability to define events vs. alerts vs. incidents for the organization, and to create incident classification, severity, and priority tables in line with all threats, risks and vulnerabilities
* Ability to develop and document intelligence artifacts such as advisories, AoA (Anatomy of Attack) and relevant detection and mitigation patterns