Senior Manager, Cybersecurity

American Family Insurance

Phoenix, AZ 85003

Posted 10 months ago

  • Job Type(s)

    Full Time
  • Industry

    Technology
  • Job Description

    Senior Manager, Cybersecurity

    Job Summary

    The American Family Insurance Enterprise Cyber Security Fusion Center is looking for an experienced Cyber Security Senior Operations Manager to oversee the delivery of the 24x7 Managed Security Operations Center (MSOC) service. MSOC operations are performed to contractual SLAs, SOPs, policy, standards, and security best practices. You will be responsible for the efficient operation of security monitoring, detection, triage, response, and escalation handoffs to the AMFAM Cyber Incident Response team. The Cyber Security Senior Operations Manager will coordinate 24x7 staffing to support cyber threat intelligence-based incident response, threat hunting, and digital forensic investigations, and will provide support to insider risk investigations, data privacy investigations, third-party breach notifications, PCI/regulatory compliance reporting, vulnerability assessments, and penetration testing of cloud environments.

    You will drive transformation and maturity of processes, workflows, and overall capabilities, process refinement and implementation, cross-team discipline collaboration, maintenance of partner relationships, and supervision of staff. You will report to the Cyber Security Fusion Center Director.

    Compensation Minimum:

    Compensation Maximum:

    Compensation may vary based on the job level and your geographic work location.

    Primary Accountabilities

    • Plan and manage daily operational escalated cyber event and incident activities.

    • Supervise the team responsible for triage and validation of escalated MS Sentinel SIEM and Palo Alto XSOAR events and alerts.

    • Help develop AI/ML based data analytics.

    • Maintain situational awareness of user reported events, tools status, vulnerability status, digital forensic investigations, threat hunt investigations, cyber threat intelligence reports, and all other responsibilities.

    • Manage Service Now Security Incident Response case management queue.

    • Coordinate with Cyber defense to guide the implementation and improvement of modern technologies, frameworks, and methodologies across the teams.

    • Oversee monitoring across the MS E5 integrated Sentinel SIEM, endpoint protection, Proofpoint email, web proxy, VPN, firewall, and IAM solutions.

    • Accountable for the efficiency of identification, isolation, mitigation, and reporting of incidents by the MSOC.

    • Work with business and operational partners during a declared incident to keep them informed of the status of the incident.

    • Review weekly and monthly performance metrics to ensure compliance with SLAs. Review QA/QC criteria with the team for process improvement.

    • Report MSOC operational metrics and deliver MSOC recommendations to cyber security leadership.

    • Maintain ServiceNow metrics dashboards.

    • Manage relationship with third-party incident response provider, coordinate support during incident response investigations.

    • Instill and reinforce industry best practices in the incident response, threat analysis, knowledge management and MSOC operations domains.

    • Experience with the NIST 800 series, MITRE ATT&CK framework, FS-ISAC, and Gartner Group guidance.

    • Cyber security artificial intelligence/machine learning (LLMs, MS Security Copilot).

    • Familiarity with Cloud concepts and experience performing monitoring and responding to threats in AWS, Azure and GCP Cloud environments.

    • Review relevant actionable threat intelligence products with staff to support decision making and supply chain awareness, including the weekly cyber threat intelligence report, actionable threat intelligence reports, and specialized threat intelligence reports.

    • Supervise the digital forensic team to ensure compliance with corporate policies and procedures and that SLA metrics are met.

    • Support authorized penetration testing of enterprise network assets and development of the plan of action and milestones to address the identified vulnerabilities.

    • Validate security controls, alert monitoring, and alerting triggers and thresholds.

    • Support the cyber incident response exercise program by developing scenarios with supporting artifacts to meet exercise and training goals. Conduct tabletop exercises on a quarterly basis; plan and conduct a major exercise once a year.

    • Support recommendations on the choice of cost-effective security controls and technologies to mitigate digital risk (e.g., protection of information, systems, and processes).

    • Manage the SAFe Agile process: develop requirements, identify dependencies, and coordinate with stakeholders.

    Knowledge, Skills, and Abilities

    • Knowledge of computer networking concepts and protocols, and network security methodologies.

    • Knowledge of cyber threats and vulnerabilities.

    • Knowledge of cybersecurity principles.

    • Knowledge of basic system administration, network, and operating system hardening techniques.

    • Knowledge of cloud service models and possible limitations for an incident response.

    • Knowledge of cyber defense policies, procedures, and regulations.

    • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

    • Knowledge of disaster recovery and continuity of operations plans.

    • Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

    • Knowledge of how network services and protocols interact to supply network communications.

    • Knowledge of incident categories, incident responses, and timelines for responses.

    • Knowledge of incident response and handling methodologies.

    • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.

    • Knowledge of malware analysis concepts and methodologies.

    • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.

    • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

    • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

    • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injections, race conditions, covert channels, replay, return-oriented attacks, malicious code).

    • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

    • Skill in performing damage assessments.

    • Skill in preserving evidence integrity according to standard operating procedures or national standards.

    • Skill in protecting a network against malware.

    • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

    • Skill in securing network communications.

    • Skill in using security event correlation tools.

    • Skill in identifying, capturing, containing, and reporting malware.

    • Knowledge of an organization's information classification program and procedures for information compromise.

    • Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

    • Knowledge of host/network access control mechanisms (e.g., access control list).

    • Knowledge of network traffic analysis methods.

    • Knowledge of packet-level analysis.

    • Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to supply network communications.

    Travel Requirements

    This position requires travel up to 15% of the time.

    Specialized Knowledge & Skills Requirements (Minimum Requirements)

    • Bachelor's degree (in cyber security, computer science, IT management, or network engineering) and 8+ years of relevant experience, or master's degree with 6+ years of prior relevant operational management experience. Years of proven experience may be used in lieu of a degree.
    • 4+ years of supervising and managing teams.
    • 5+ years of intrusion detection and/or incident handling experience.
    • CISSP, SSCP, GCIH, CISM, or GCIA required upon start.
    • Cloud certifications (CCSP, AWS Security, MS AZ-500, GCP Cloud Security Engineer) are a plus.
    • Advanced knowledge of planning, directing, and managing a Computer Incident Response Team (CIRT) and cyber security operations for a large enterprise.
    • Considerable experience in supervising and leading employees of several technical skill levels in efforts similar in scope to a mature security operation.
    • Mature understanding of industry-accepted standards for incident response actions and best practices related to SOC operations.
    • 5 years of firsthand cybersecurity experience (Protect, Detect, Respond, Mitigate, Eradicate, and Restore) within a Computer Incident Response organization, including performing large-scale incident response.
    • Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
    • Familiarity or experience with Intelligence-Driven Defense, the Cyber Kill Chain method, and/or the MITRE ATT&CK framework.
    • Familiarity with the Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) information classification and dissemination scheme (TLP).

    Additional Job Information:

    • Any offer made to you will be contingent on the results of applicable background checks.
    • You may be considered for a full-time remote or hybrid work arrangement based on your location. We know flexibility is important to our employees and their families, and we will continue to offer this flex office/home role. This approach will guide us in balancing our needs, our customers, and our employees.
    • Locations for this role include: Madison, WI; Boston, MA; Chicago, IL; Denver, CO; Phoenix, AZ; Nashville, TN; St. Joseph, MO; Keene, NH.
    • Internal candidates are encouraged to apply regardless of location and will be considered based upon the needs of the role.

    We encourage you to apply even if you do not meet all of the requirements listed above. Skills can be used in many different ways, and your life and professional experience may be relevant beyond what a list of requirements will capture. We encourage those who are passionate about what we do to apply!

    We provide benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, 9 paid holidays and a paid time off program (23 days accrued annually for full-time employees). In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Insurance Group benefits.

    We are an equal opportunity employer. It is our policy to comply with all applicable federal, state and local laws pertaining to non-discrimination, non-harassment and equal opportunity. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

  • Job Benefit(s)

    Paid holidays, paid time off, family leave