Manager, Security Operations

Summary

The Manager, Security Operations is responsible for the prevention of Cyber security incidents through real-time monitoring, detection, and analysis of potential intrusions.

This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events.

The position operates and tunes security tools, provides requirements for new security capabilities and creates use cases for monitoring.

In addition, this position is responsible for the delivery of the performance obligations of external service providers in accordance with the contract and ensuring fulfillment of service level agreements (SLA).

The Cyber Security operations team will rely on your contribution to perform in-depth analysis of evidence, identify malicious operations and evaluate the real impact in order to solve issues in a quick and efficient manner.

This is a key role when it comes to responding to security incidents, onboarding new identities and environments, maintaining the security infrastructure and continuous improvement.

We are looking for a motivated and structured leader with a strong focus on cyber protection and effectiveness. Make your mark in cyber security and join our team!

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Coordination and service delivery for internal and external customers
• Ensure appropriate governance is maintained across all areas of the Service (team lead, incident management, service delivery, change management, continual improvement, customer satisfaction and, operations availability and maintenance provision)
• Lead onboarding requests to ensure a successful transition to operations for security monitoring services
• Lead all aspects of onboarding new identities and environments, communicating with collaborators, the operation of the protect service and its continuous improvement
• Supervise overall performance of the services delivery team, identifying areas of improvement, efficiency, expansion or enhancement
• Ensure the cyber operations services (people and technologies) continues to operate
• Coordinate with regional and product cyber operations teams for innovative improvements to our global cyber operations business
• Support business and product owners as the subject matter expert (SME) for cyber operations services
• Lead and support the North America team on cyber operations services
• Lead the tactical weekly meeting, monthly customer management meeting, and support the quarterly executive meetings
• Capture business and product team requirements and recommend pragmatic solutions
• Provide technical guidance to cyber operations team technical analysis
• Be the point of escalation for cyber operations analysts in support of cybersecurity investigations
• Lead the Incident Response coordination and provide guidance and oversight on incident resolution and containment techniques.

Carry out first responder actions, triaging and containing breaches

• Lead threat-hunting activities, looking for anomalies
• Ingest, analyze and contextualize data and turn that into intelligence for threat assessment and risk management
• Contribute to the creation, updating and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that affect diverse platforms or business units
• Create quality control of reports, deliverables and playbooks in order provide clear guidelines for staff on operational procedures during incidents / critical issues
• Ensure security and compliance of cyber operations infrastructure
• Lead and support continuous improvement, tune SIEM, SOAR use cases, and assist in maintaining the cyber operations platform
• Lead technical workshops, and presentations of findings
• Lead the design, implementation, improvement, and maintenance of the cyber operations platform (SIEM, log management systems, correlation engine, EDR, and SOAR)
• Provide guidance and expertise supporting one or various Cloud infrastructure (Azure, AWS, GCP)
• Stay up-to-date with the latest Cybersecurity trends, news and threat landscapes, IoT, Big Data, Cloud Security, and Digital Transformation
• Train, coach and mentor the cybersecurity team

Qualifications

• Bachelor degree in engineering, computer science, cybersecurity or related IT fields or job experience equivalent
• Minimum of eight years of relevant experience
• Proven experience leading SOC teams and environments
• Over five years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Solid background in System / Network Architecture, and Cybersecurity consulting
• Experience in building and assessing a secure infrastructure, Security Operation Centre, and Cloud infrastructure is an asset
• Currently holding one or more Cybersecurity industry recognized certifications : ISACA, ISC2, GIAC SANS, CompTIA, Offensive-Security
• Proficient with NIST Cybersecurity Framework (CSF), Cyber Kill Chain, MITRE ATT&CK and d3fend
• Proven experience in building SOC infrastructure, SIEM technologies, processes, playbooks, correlation rules, and incident reports
• Experience in Cloud infrastructure and Cloud security monitoring
• Experience in DevOps technologies like, containers, kubernetes, CI / CD pipeline
• Experience as a SOC technical lead or SOC manager
• Experience in designing secure architecture and workflows
• Experience working in a SOC environment (Internal or MSSP), supervising enterprise environments, and Operation Technology (OT)
• Experience working on a critical operations team
• Solid understanding of numerous of operating systems, from the latest to legacy Windows, UNIX. Embedded OS, platforms is a plus
• Solid understanding of security incident management, malware management and vulnerability management processes
• Security monitoring experience with one or more SIEM technologies
• Experience building, integrating, and maintaining SOAR platform
• Knowledge of networking : TCP / IP, WAN, LAN, VLAN, MPLS, VPN, firewalls, switches, proxy
• Knowledge of system infrastructure : Unix / Linux OS, LDAP, DNS, DHCP, SMTP, NTP, associated anti-virus / EDR
• Motivated to continuously improve skills through training and mentoring
• Strong written communication and presentation skills
• Adaptable and able to work independently
• Problem solver, negotiator and consensus builder

About Teck

At Teck, we value diversity. Our teams work collaboratively and respect each person's unique perspective and contribution.

Qualified applicants interested in joining dynamic team are encouraged to submit a resume and cover letter electronically.