If you have interest in this position please send resume in word with contact number.
Pay Range: DOE Recruiter will discuss
Position Type: Permanent
Job Location: Louisville, KY
Interview Type: Phone/Web with possible In Person
Job Order Recruiter Name and Email Address: Barb Ensminger firstname.lastname@example.org
- #2 Senior IT Manager, SecOps (#11133485)
The Senior IT Manager, Information Security Operations will report directly to Director, Information Security and will be responsible for leading the Security Operations team. In this role, the right candidate must ensure that the team leverages an appropriate risk-based approach to incident response, remediation and recovery; accomplished through the effective management of a technical team, development and maintenance of proven processes and deployed security tools for detection, prevention and response. The right candidate will have a broad and deep skill set in information security and incident response, with a passion for security orchestration and continuous learning.
WHAT YOU WILL DO
What You Need to Succeed:
- Help define and shape the future of DevSecOps.
- Drive results by leveraging the team and tools to accomplish security operations objectives.
- Develop and maintain documentation, communications and training related to security engineering and operations including but not limited to:
- Auditing, logging, monitoring and alerting practices.
- Incident response planning and correlating runbooks for identified areas of greatest risk.
- Technical and configuration standards and practices focused on security engineering and infrastructure.
- Vulnerability management.
- Proactively assess exposure to attacks and reduce the attack surface without disruption to services.
- Continuously evaluate the security posture of security engineering and operations people, processes and tools; adjusting accordingly to ensure effective preparation, detection, containment, investigation, remediation and recovery during a security incident.
- Provide metrics on identified processes to illustrate trending and status of overall security posture.
- Focus on a business appropriate measured response, strong time management, effective prioritization and appropriate sense of urgency in day-to-day Security Operations
- Lead and engage in projects focused on ensuring the design and implementation of security controls, during the implementation of new IT systems and software.
- Manage on-call procedures and schedule for the security operations team, ensuring a rapid response to security events.
- Actively evaluate and distribute vulnerabilities and threat information by assessing the risk and impact to our infrastructure, applications and known exposure.
- Lead security orchestration initiatives to automate and/or optimize processes and services.
- Evaluate and recommend new and emerging security products and technologies.
- Work with various teams to create, update, and implement information security designs, standards and procedures.
- Present to large technical and non-technical audiences on security strategy and initiatives.
- BA/BS combined with 7+ years of overall information security engineering and technology
- Excellent understanding of information security concepts, protocols, tools, industry best practices and strategies.
- Experience with common information security management frameworks and best practices sourced from CIS, SANS, OWASP, NIST, etc.
- Strong leadership abilities, with the capability to provide guidance for information security team members
- Strong knowledge of networks, operating systems, cryptography, preventive, detective and offensive security solutions.
- Excellent verbal, written and interpersonal communication skills, including in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Ability to identify needs, take initiative and prioritize work efforts — balancing operational tasks with longer-term strategic security efforts
- Curious, inquisitive, innovative, lifelong learner and self-starter
- Primary security certifications to include CISSP or GSEC.
- AWS Certified Systems Architect – Associate.
- Strong focus on business acumen and knowledge of IT infrastructure, operations, and development.
- Advanced threat-modeling based on technical acumen, knowledge of system and application architectures, vulnerabilities and information assimilated from multiple resources.
- Experience in system security testing (vulnerability scanning and penetration testing).
- Experience in application security testing (white box, black box and code review).
- Secondary certifications being desired such as CEH, GPEN, GCIH, OSCE or OSCP.
Please contact me with any questions:
Visit our careers website to view our current opportunities