
Manager, Security Operations Center

Simpson Thacher & Bartlett LLP
Full-time
On-site
New York, New York, United States
$170,000 - $190,000 USD yearly

Reporting to the Associate Director of Cyber Threat Intelligence & Incident Response, the Security Operations Center Manager will work alongside an expanding team of information security professionals with the shared goal of protecting the Firm’s security posture and staying one step ahead of threat actors. The person in this role will lead cyber investigations, detect & respond to incidents, and coordinate activities between internal teams and external security service providers.

The Manager must be detail-oriented and comfortable leading team members in real-time incidents. They will lead cross-functional projects to achieve shared goals and efforts to improve current cyber threat protocols, documentation, and day-to-day operations of the SOC.

The ideal candidate is a technical, hands-on leader with the ability to create and lead cybersecurity incident response operations to analyze, investigate, and respond to threats. The candidate must be able to explain technical concepts in non-technical terms and have excellent interpersonal, leadership, presentation, and collaborative skills.

JOB SUMMARY & OBJECTIVES

The Security Operations Center Manager will work alongside an expanding team of information security professionals with the shared goal of protecting the Firm’s security posture and staying one step ahead of threat actors. The person in this role will lead cyber investigations, detect & respond to incidents, and coordinate activities between internal teams and external security service providers.

The Manager must be detail-oriented and comfortable leading team members in real-time incidents. They will lead cross-functional projects to achieve shared goals and efforts to improve current cyber threat protocols, documentation, and day-to-day operations of the SOC. This is a hybrid role based in New York City.


ESSENTIAL JOB DUTIES & RESPONSIBILITIES

· Lead and coordinate cyber incident response activities and efforts to contain and resolve incidents, including communications with team, stakeholders, and leadership

· Analyze and investigate a broad range of threats and activities occurring on Firm systems and applications; assess the nature of incidents and determine how to resolve the situation, eliminate threats, and restore services

· Conduct root cause analysis following incidents, define follow-up actions, and make recommendations accordingly

· Manage and monitor SIEM tools to find and respond to suspicious internal and external activity

· Develop response and escalation protocols for individual and large-scale events

· Develop, document, implement, and maintain Standard Operating Procedures (SOPs), strategies, playbooks/runbooks, capabilities, and techniques for information security monitoring and incident response

· Streamline security event reporting and eliminate false positive alerts

· Develop metrics and key performance indicators to enable strategic visibility and decision making

· Support all SOC training for Information Security and IT personnel

· Perform threat modeling of different environments to identify threats using the MITRE ATT&CK framework

· Support the Associate Director of Cyber Threat Intelligence & Incident Response in executing the Firm’s cybersecurity strategy and creating strong SOC policies, processes, standards, and playbooks

· Keep up to date on industry tools, systems, and techniques

EDUCATION

REQUIRED

· Bachelor’s (or Master’s) degree in information security, IT, related discipline, or equivalent experience

PREFERRED

· GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); Certified Information Systems Security Professional (CISSP)

SKILLS AND EXPERIENCE

· 8+ years of experience in an IT or Information Security role, with at least 3 years managing or leading a security operations team

· Broad knowledge and experience across multiple information security domains, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence

· Experience with log analysis, network security, digital forensics, and cyber incident response investigations

· Hands-on experience analyzing and responding to security events, including log analysis, developing queries and analytics, troubleshooting security issues, and correlating complex data sets

· Proficiency developing and using analytical methods to create response processes and identify trends, insights, and relationships between internal and external data and intelligence sources

· Experience working in a global organization and broad knowledge of security domains, technology risk management concepts, and a working knowledge of security and risk frameworks

· Knowledge of cloud computing systems (SaaS, PaaS, and IaaS), containers, and cloud orchestration; core networking concepts including TCP/IP, firewalls, and network security products; common application architectures, design, protocols, and agile deployment methodology and best practices; and core identity management and privileged access principles

· Familiarity with the MITRE ATT&CK framework & CVE/CVSS scoring system

· Ability to manage multiple concurrent objectives and activities, and make effective judgments in prioritizing and time allocation

· Must be able to execute with limited information and ambiguity

· Must have a continuous learning mindset and a demonstrated aptitude for understanding new vulnerabilities, threats, and attack vectors

· Must be able to maintain a high level of confidentiality and document incident details accordingly

· Must be able to build collaborative relationships and be comfortable interacting frequently with leadership and internal/external stakeholders

· Excellent written and verbal communication skills

· Some off-hours (nights and weekend) work may be necessary, including regular rotations as an on-call escalation point

Salary Information

NY Only: The estimated base salary range for this position is $170,000 to $190,000 at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, protected veteran’s status or any other legally protected status. “Gender” includes actual or perceived sex, a person’s gender identity, self-image, appearance, behavior or expression, whether or not that gender identity, self-image, appearance, behavior or expression is different from that traditionally associated with the legal sex assigned to that person at birth. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.
