Information Security Operations Lead

Brown & Brown

Details of the offer

Brown & Brown Inc. is looking for an IT Security Operations Lead to join our growing team in Daytona Beach, FL. The IT Security Operations Lead provides leadership and hands-on Security Operations expertise in the firm's Security Operations Center. This position is responsible for monitoring the IT Security environment to immediately detect, verify, and respond swiftly to cyber threats (e.g. vulnerability exploitation, malware, and other cyber-attacks), serving as a technical escalation resource, and mentoring lower-level staff. This role establishes the organization's Incident Response operations, working closely with IT and business stakeholders to execute in a non-disruptive manner across the firm. This position within the Office of the CISO is instrumental in raising the security posture of the firm. Working in conjunction with Architecture, IT Compliance and IT Infrastructure, this position will be a key contributor in defining the IT Security strategy and Security roadmap and in formulating the Security processes for threat intelligence, security monitoring, security automation, intrusion detection/prevention, purple teaming, endpoint security, SIEM and SOC. This position reports to the CISO of Brown & Brown.
The Role:
Design, develop and deploy automation playbooks for automated incident response investigations, working with business and IT stakeholders across the firm
Guide the organization in Security Orchestration
Lead investigations of security events (e.g., unauthorized access, non-compliance with company policies, fraud, service exploitation) to determine malfunctions, breaches, and remediation steps
Respond to service issues, problems, and critical situations to support resolution and minimize downtime
Identify, procure and prototype new solutions designed to prevent, detect, and respond to threats
Administer and operate SIEM technologies day to day, including rule creation, reporting, correlation and performance monitoring
Lead and support information security projects by researching, documenting, and assisting with the implementation of security solutions
Leverage the firm's threat intelligence sources and partners to maintain an understanding of emerging security threats and advanced threat actors' capabilities
Leverage the firm's Continuous Testing framework to identify, design and deploy tests for the firm's security monitoring controls
Integrate threat intelligence feeds and sources with the firm's security monitoring infrastructure
Identify and implement tools to baseline activity and alert on or limit suspicious activity and insider threats across networks, databases, data and users
Select, develop, and manage the implementation of systems, tools, and processes that keep the firm at the leading edge of security; this includes maintaining a continually evolving inventory of gaps to be mitigated and formulating a proactive strategy to evaluate and implement mitigating technologies
Work with our industry partners to communicate our approach to security and develop programs to produce standard industry security audit reports (SOC 2 etc.)
Continuously remain current on emerging security threats and technologies
Serve as the security subject-matter expert in the escalation process for security incidents and mentor junior engineers
Assist in the design, development and implementation of security tools
Assist in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption)
Assist with security-related software and firmware (e.g., endpoint, vulnerability scanners, firewalls, IPS/IDS, DNS, proxy) to maintain security and service continuity
Assist with security policies and procedures by administering and monitoring security profiles, reviewing security violation reports, investigating possible security exceptions, and updating, maintaining and documenting security controls
Prepare status reports on security matters and develop security risk analysis scenarios and response procedures
Evaluate products and/or procedures to enhance productivity and effectiveness
Other duties as assigned

Key Expectations:
The scope of this position is based on Information Security core competencies across:
Incident Response Program, Vulnerability Management Program, Threat Hunting, Red/Blue/Purple Team, Tabletop Participation, Reporting, Project Implementation, team leadership, mentoring and expectation management across IT/business managers
Weekly status reporting
Performance review of staff, discipline and career trajectory guidance of staff
Maintain certifications and participate in industry training or conference

Required Skills
Required Qualifications:
Bachelor's degree and 3 years' work experience in a relevant role, i.e. SOC Analyst, Incident Response, Cybersecurity Threat Analyst
Problem solving and troubleshooting skills with the ability to exercise mature judgment
Oral and written communication skills
Attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
Experience with event analysis leveraging SIEM tools (e.g. Splunk, ArcSight, SecureWorks)
Log parsing and analysis skill set and previous experience developing and refining correlation rules
Hands-on experience deploying & operating security technologies including devices, networks and systems that prevent, detect & respond to security threats
Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill-chain analysis, risk assessment and security metrics
Working knowledge of a wide range of current network security technologies such as firewalls, proxies, network and host-based intrusion prevention, DLP, vulnerability assessment tools, security information/event management, endpoint security, anti-virus/anti-malware, etc.
Strong understanding of network protocols
Knowledge of protocol analysis and tools (e.g. Wireshark, Gigastor, Netwitness, etc.)
Experienced in mentoring and training junior analysts
Working knowledge of current cyber threat landscape (e.g. threat actors, APT, cyber-crime, etc.)
Working knowledge of Windows and Unix/Linux, Firewall and Proxy technology
Knowledge of malware operation and indicators, Data Loss Prevention monitoring
Knowledge of forensic techniques
Knowledge of penetration techniques
Knowledge of DDoS mitigation techniques
Ability to self-organize, prioritize activities independently, create documentation and reporting
Thinks both tactically and strategically
Enables creative solutions by stimulating ideas through discussion and collaboration
Able to work on multiple activities at the same time, organizing and prioritizing as needed to accomplish goals
Manages uncertainty well: able to assess and act with good enough but imperfect or incomplete information
Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
Proven experience in managing and directing staff

Candidates should have:
S. in Computer Science or Engineering or similar technical program
At least one active security certification: CEH, OSCP, CPTE, CISM, CISSP or related
3 to 5+ years in a hands-on technical role in information security supporting a large organization
Expert knowledge of security frameworks and principles and of relevant technologies and vendors, including AWS, Azure and O365, and QRadar or Splunk

We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.

Source: Jobsxl
