Manager-Security Incident Response & Operations; Remote

Description

American Specialty Health Incorporated (ASH) is seeking a Manager-Security Incident Response & Operations to join our Information Security department. The primary purpose of this position is to be responsible for providing cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives. This position will support the operational activities of junior-level cyber analysts while helping to develop the team's investigative skillset, process, and playbooks.

In this role you will champion incident response services enrollment requirements to ensure progressive operational effectiveness and alert fidelity. In addition, you will be responsible for continuously identifying gaps and managing the improvements in security response process, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams, you will ensure cyber-defense requirements are identified and communicated early in the project life cycle.

American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate's qualifications, education, skill set, years of experience, and internal equity. $112,500 to $175,000 Full-Time Annual Salary Range.

• Remote Worker Guidelines:
  This position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This WFH position requires you have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network. The internet connection must have a consistent 50 down/10 up Mbps minimum internet speed.
  
  100 down/20 up is recommended to support higher quality video meetings.

• Providing cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives.
  • Manage SIEM operations.
  • Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation.
  • Hunting to identify anomalous and malicious behavior, enhance SIEM rules to automate continuous identification.
  • Interact and assist other investigative teams within American Specialty Health on time sensitive, critical investigations.
  • Manage third-party MSSP (SOC) to ensure appropriate levels of incident response time, enrichment of SIEM content, and identify gaps in logging and monitoring coverage.
  • Drive continuous improvement of incident response processes, playbooks, and detection capabilities.
  • Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security investigations.
  • Train matrixed team members on hunting, investigative, and forensic tools and processes
  • Help create, support, and participate in purple team exercises.
  • Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud and premise-based applications, services, and platforms.
  • Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations, and provide support through to implementation.
  • Act as a liaison between security operations, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements.
  • Work with colleagues in other technology departments as well as the business and product offices to establish effective, productive business relationships.
  • Define baseline security monitoring requirements for all new projects, services, and applications joining the American Specialty Health network.
  • Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting.
  • Review and analyze cyber threats and provide SME support and training to junior level security analysts.
• Performs other duties as assigned.
• Complies with all policies and standards.

• Bachelor's Degree in Computer Science, Information Security, Computer Engineering, related area of study, or equivalent experience required. If related experience, high school diploma required.
• 10+ years of combined relevant experience using hunting and using IR technologies and/or industry-standard tools required.
• 5 years in SIEM management required including:
  • Content management (e.g. parsing and correlation rules)
  • Case management ensuring sufficient due diligence steps are completed
  • Security Orchestration, Automation, and Response (SOAR) technology
  • Threat intel feeds
  • Use case mapping
• 2 years of management experience required.
• Experience writing thorough investigative reports detailing incident findings required.
• Experience with Threat Intel providers and distribution of relevant information required.
• Demonstrated experience in an enterprise-level incident response team or security operations…