Job Description
Manager IT Threat Management
AdventHealth Information Technology
Top Reasons To Work At AdventHealth Corporate
Great benefits
Immediate Health Insurance Coverage
Career growth and advancement potential
Award-winning IT Department
Work Hours/Shift:
Full-Time, Monday-Friday
You Will Be Responsible For:
Manage and support analysts in their role of threat hunting, incident response, threat intelligence, consulting, & forensics.
Assist in the continued development of the Security Operations Center (SOC) through blue team exercises and training.
Assist with internal business operations, such as recruiting and process improvement measures.
Develop, scope, execute and document findings from threat hunting exercises.
Participate in developing new and existing vendor relationships along with other stakeholders
Develop and implement standard operating procedures in support of Threat Management
Develop threat advisories and intelligence briefings for senior leadership and the organization.
Participate as stakeholder in enterprise application technology review process
Participate as stakeholder in architecting and designing information security solutions to meet regulatory requirements
Assist in the alignment of the adopted security framework in the enterprise
Participate as stakeholder in enterprise change control process.
Identify business requirements that affect Threat Management & Security Operations to provide solutions.
Provide leadership and expertise in the development of standards, architectural governance, and security best practices.
Serve as an information security advisor to key technology and business stakeholders
Establish trust relationships through active engagement and collaboration with key stakeholders
Evaluate, assess, and escalate security events and incidents
Proactively identify threats across multiple security-relevant data sets
Document, collaborate, and transition incident details to appropriate leadership
Analyze, understand, and provide remediation plans for active threats and vulnerabilities
Ingest and respond to IOCs from multiple intel sources
Assist in the collection, review, and analysis of forensic artifacts and malicious code
Continually develop new technical skills and capabilities
Qualifications
KNOWLEDGE AND SKILLS REQUIRED:
5 years of Incident Response Management or Incident Response Consulting
Demonstrated technical and managerial experience in professional organizations with a focus on customer satisfaction and continuous improvement.
Demonstrated experience with security vulnerabilities, exploits, and mitigating controls.
Demonstrated experience in understanding security risks, identifying gaps and creating strategies.
Demonstrated experience in driving strategies, architecture directions, universal architectures, and working across boundaries to improve security posture for the organization.
Demonstrated ability to perform a risk-based approach to securing information based upon technology and business needs.
Knowledge of software architecture and design.
Knowledge of network security concepts and engineering processes
Understanding of common security issues and remediation techniques (OWASP, SANS, etc.)
Expert knowledge of information security principles and practices.
Enterprise Domain experience is a must
Knowledge of Active Directory, DNS, DHCP, GPO, PKI
Understanding of networking concepts and configurations
Understanding of varying networking protocols (TCP, UDP, SSH, SSL, etc)
Demonstrated knowledge in SIEM solution(s) (LogRhythm, Splunk, ArcSight, etc)
Demonstrated knowledge with Endpoint protection solutions. (Symantec, Cisco, McAfee, etc)
Demonstrated knowledge of varying security applications (Wireshark, Metasploit, Nmap, etc.)
Experience with scripting languages (PowerShell, Python, C, Java, etc)
Experience with Firewalls, Proxies, IDS/IPS, DLP, CASB solutions.
Demonstrated knowledge of Microsoft Operating Systems and configuration standards
Demonstrated knowledge of Linux Operating Systems and configuration standards
Understanding of Operating System interactions, communications and file systems
Experience with Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc)
Understanding of common security frameworks (ISO, NIST, HiTrust)
Understanding of varying industry data standards (PCI, HIPAA, etc)
Strong understanding of parsing, analyzing and identifying events through security logs
A broad understanding of information technology methodologies in multiple disciplines
Comfortable with complex undocumented requirements and independent task research
Demonstrated ability to determine and oversee remediation activities
Familiar with information sharing specifications for cybersecurity
Excellent time management skills to accomplish multiple concurrent tasks
Strong interpersonal skills with a positive and enthusiastic attitude.
Ability to work well with people of varying levels of technical abilities.
Excellent oral and written communication skills.
Ability to receive calls and text messages 24 hours a day, seven days per week.
KNOWLEDGE AND SKILLS PREFERRED:
Knowledge of regulatory compliance in Healthcare
Knowledge of common security frameworks
Knowledgeable with PCI, FERPA, and HIPAA.
Experience with the following:
o Penetration testing and/or application security
o Threat hunting and tabletop exercises
o Security incident response
o Threat intelligence & threat feeds
o Securing Microsoft Active Directory Domains
o Microsoft Security best practices
o Vulnerability management and patching solutions
o Windows and Linux Operating Systems
o Cloud solutions, such as Microsoft Azure, Office 365, AWS, etc.
o Security solutions and best practices related to cloud services and cloud data
o Malware identification, analysis, and remediation
EDUCATION AND EXPERIENCE REQUIRED:
Bachelor's degree or equivalent work experience
8+ years of experience in information technology
3+ years of experience in information security
Security+, CISSP, GIAC, SSCP or similar certification
Working knowledge of healthcare or clinical physician clinical practice
Experience with HIPAA, NIST, FISMA, FedRAMP, 27001, SOC audit processes
Summary:
The Threat Management Manager is a proven information security professional with extensive information security experience in a large enterprise. The Manager of Threat Management oversees the Threat Management team of the Information Security Office, comprised of information security analysts. This team is tasked with all aspects of enterprise information security, including the proactive identification of threats through threat hunting measures, leading threat and tabletop exercises, monitoring and tuning security information events, leading advanced incident response, assisting in the development of enterprise standards, providing advisories and briefings for senior leadership, and assisting in the removal of threats and vulnerabilities in the information environment. Mentors, coaches, and educates team members in standard processes, policies, and procedures related to enterprise security. Assists in the creation and enforcement of information security guidelines, standards, policies and procedures. Leads and conducts personal research in information security products, tactics, techniques, and procedures to ensure team remains apprised of industry best practices.
This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.
Altamonte Springs, FL
We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.
AdventHealth is comprised of more than 82,000 employees and physicians nationwide who share a common purpose, are united in mission and deliver whole person care – care that treats the body, mind and spirit. Our health care system finds its roots in the heritage and continuing ministry of the Seventh-day Adventist Church, which has a 150-year legacy of innovative health care services.
Throughout the United States, our system has more than 40 outstanding hospital-anchored markets in nine states, and our team delivers care to about 25,000 people a day.
Each of our employees is a valued member of our team. They play an important role in ensuring every person we serve is treated with uncommon compassion, feels connected throughout their experience, receives exceptional care, trusts us as reliable, and ultimately, feels whole because of their engagement with us. Everyone deserves this kind of experience and this is our promise – it’s how we live out our mission.