Working independently, the Cyber Security Operations Senior Manager leads the Cybersecurity Security Operations Center (CSOC) responsible for security event monitoring, management, response, and triage. This role will be responsible for CSOC strategy, enhancing capabilities, incident monitoring, detection, analysis, and handling. Associate will ensure that your network and systems are operationally available to support vital business operations, through effective event monitoring and cyber security incident management. The team coordinates with other departments and external vendors regarding events and initiatives impacting information security. This is accomplished through strong leadership and active collaboration with multiple lines of business and technology teams to provide high quality solutions and services that are focused on improving risk posture. Associate will interact with his or her supervisor as needed. Most activities are completed without a supervisor’s advance approval.
As the Senior Network Security Manager you will manage a team in the implementation and life cycle of strategic infrastructure technologies, responsible for your network security including local and global load balancing, firewalls, internet access, remote access and encryption management. You will be responsible for mapping out strategies to stabilize infrastructure, baseline unit costs and develop plans to manage unit expenses. Additionally you will mentor and train staff, lead and collaborate on projects and support teams to implement new technologies that ensure ongoing adequate and sustainable network security support.
As the Senior Network Security Manager you will also own the service levels for network security technologies across the enterprise and be held accountable for achieving agreed-upon goals and service level agreements. You will oversee and provide on-call support for complex production impacting technical issues and work to troubleshoot and restore services that drive meaningful root cause analysis and actions to prevent future incidents.
- Support oversight of cyber security within 7x24 operations: production, engineering, and corporate environments
- Perform Security Incident Management aligned with NIST standards
- Be the singular accountable person for developing and maintaining a high-performance team, ensuring quality delivery of initiatives and delivering exceptional customer service
- Lead the Cyber Security Operations Center team in performing in-depth network cyber security analysis, incident response, event analysis and threat intel
- Define and implement a next-generation SOC strategy, incorporating the global footprint of GameStop
- Evaluate new technologies, when needed, for the purpose of replacing or upgrading existing Cyber Security Operations Center tools
- Provide both strategic analysis and near real-time auditing, analysis, investigation, reporting, remediation, coordination and tracking of cyber security-related activities
- Analyze data and prepare reports that document vulnerabilities from network-based attacks and recommend actions to prevent, repair or mitigate these vulnerabilities
- Collaborate with other IT cyber security teams and key internal stakeholders to ensure that cyber security monitoring alarms are in conformity with the overall cyber security strategy
- Develop and present cyber security event metrics and trending for multiple levels of management
- Establish and create standard operating procedures for a variety of computer network defense (CND) related tasks
- Establish an in-house forensics capability, allowing for initial triage and investigation of potential cyber events
- Provide technical expertise on post event network cyber security logs and trend analysis
- Review cyber security events that are detrimental to the overall cyber security posture, and analyze and detect sophisticated and nuanced attacks and discern false positives
- Coordinate and liaise with other departments with information regarding intrusion events, cyber security incidents, and other threat indications and warnings information
- Model the behaviors expected of all GameStop associates including a drive for results with a clear bias for action; high levels of maturity and professionalism; giving, receiving and responding to feedback effectively; a high service orientation; and clear commitments to diversity, inclusion, a respectful workplace, and integrity
- Manage financial forecasts and estimates for capital and operating expenses
- Manage support, maintenance and subscription renewals for cybersecurity operations technology
- Liaise with peers to address the overall GME mission
- Manage relationships in a manner acceptable to others and to the organization
- Model team commitment by meeting deadlines; and by being cooperative, collaborative, and flexible
- Drive outstanding business results through traditional management functions including sourcing and selecting talent, coaching and development, workforce and project scheduling, performance assessment, and general talent planning
- Establish ongoing procedures to collect and review information needed to manage an organization or ongoing activities within it.
- Establish courses of action for self and others to ensure that work is completed efficiently.
- Will show a satisfactory level of technical and professional skill or knowledge in position-related areas; keep up with current developments and trends in areas of expertise.
- Oversee a team of Engineers who perform network security technologies engineering and operation functions that include talent management, performance reviews, compliance tracking, entitlement reviews, etc.
- Be responsible for the Managed Network Services (MNS) vendor and lead the governance oversight function, including:
  - Leading financial, project, and operations governance meetings
  - Directly working with MNS leadership on daily, tactical, and strategic initiatives; tracking contractual requirements including disputes, satisfaction, SLAs, and other mandated activities
  - Being fully aware of the MNS contract requirements and structure
  - Handling contractual and financial disputes
  - Working with MNS leadership on service improvement efforts
- Oversee, approve, and be accountable for all changes in the network security technology environment
- Identify, evaluate, and design future network security products based on business demands and technology direction
- Introduce and apply best practices for network design and enterprise business solutions
- Lead problem management and resolution in the support of deployed technology and act as a subject matter expert on high severity production outages
- Accountable for network standards, baselines, architecture, and solutions engineering
- Set technical standards for network infrastructure, security baselines, policies and procedures
- Manage a 24x7x365 operation and be responsible for off-business hour change and incident management as necessary
- Identify, design and implement flexible, responsive, and secure technology services
- Research and evaluate infrastructure strategies, hardware/software, security and networking products
- Advise management of options, risk vs. cost, benefits and other impacts of infrastructure solutions
- Ensure infrastructure support policies and guidelines are in place and current
- Monitor trends and recommend future architecture strategies and roadmaps
- Educate and mentor technology support staff as needed, including requisite training on technology and governance
- Engage in complex production impacting technical issues and work to troubleshoot and restore service
- Engage with partner teams to develop optimal business solutions based on standard F5 designs
Requirements and skills
3-7 years of progressive information technology and security experience across 2 or more information security / information technology risk management domains such as but not limited to:
- Must be able to deploy IPS/IDS including sensors and ensure they are reporting to the central console.
- Must have experience with desktop OS including Windows 7 / Windows 10 / Windows Server 2008. Must understand UAC, Windows processes and NTFS
- Understand how data is identified or de-identified and how DLP works
- Must be able to deploy remote scanners, set up different types of scans and compile reports in graphs and pivot tables. Must be able to validate and enumerate vulnerabilities found in the scanning
Additional requirements may be:
- Deep knowledge of TCP/IP protocols including routing and subnetting. Must know the differences between private and public IP addresses.
- Knowledge of MFA (Multi-Factor Authentication), including set up of the console, provisioning tokens and troubleshooting issues
- Understand SIEM including implementation, hardware maintenance and onboarding log sources
- Understand how Proxy works including whitelisting and agent troubleshooting
- Understand how an MTA filters e-mail and how to force SMTP through the appliance
- In-depth knowledge of HIPAA regulatory requirements and HITRUST CSF.
- Excellent technical aptitude, resourcefulness, and critical thinking skills
- Ability to identify security risks and weaknesses and provide security mitigation and remediation recommendations
- Demonstrated experience and expertise with multiple security controls within multiple security domains
- Ability to think strategically with strong attention to detail
- Must possess strong written and verbal communication skills
- Experience working with global teams across multiple time zones, cultures and languages.
- Bachelor’s Degree in Computer Science, Engineering or related field or equivalent work experience required
- GIAC, CISSP, CISM, or other relevant information security industry recognized certification preferred
- 10 or more years of related experience required
- 5 or more years of networking engineering experience
- 5 or more years of experience working in IDS, IPS, and SIEM environments
- 3 or more years of experience working in a cyber-security operations center
- 3 or more years of experience managing a team of senior engineers
- Forensics-based certification (e.g. GIAC Certified Incident Handler or similar) is preferred
- Experience and expertise in network security technologies including Palo Alto Firewalls, DNS and BlueCoat proxies
- Experience working for a financial services company
- Must understand application development and lifecycle concepts
- Application and network troubleshooting skills
- Demonstrated experience supporting data system architectures and implementing related solutions
- Experience creating, troubleshooting and supporting multi-site, multi-tier system environments, and corporate data center facilities
- Understanding of application development languages, application design and software development lifecycles
- Knowledge of data and voice network technologies.
- Understanding of Information Security practices including standards, risk, and compliance management
- Knowledge of the routed network as well as server build processes
- Understanding of networking protocols