Director, Security Operations

Northern Virginia | Cyber security

Overview:

The Block.one Director of Security Operations is directly responsible for development and day-to-day management of agile, real-time security operations capabilities, including Cyber Threat Hunting, Malware Response and Research, Advanced Security Monitoring, Incident Response, and Forensics and Vulnerability Management.

The position requires a strategic and hands-on technical cybersecurity leader who understands business operations, IT and security technologies, and will utilize that knowledge to oversee the implementation of an effective security operations program that ensures the real-time security posture of Block.one is aligned with business needs and the actual and evolving threat landscape.

Responsibilities:

  • Develop and lead a top-tier, advanced security monitoring and threat intelligence operation combining MSSP (L1/L2), 3rd-party cloud and intelligence vendors, and Block.one security teams
  • Produce L3 analysis and actionable reports on new and potentially identified threats for the purposes of accurate mitigation and further threat and vulnerability detection
  • Develop a best-in-class threat intelligence capability to monitor external, internal, open source, and deep and dark web information for relevant cyber threats, incidents and/or actionable cyber activity
  • Assess IT and security-based computer and network logs for the purpose of identifying specific patterns of activity or generating statistical threat and vulnerability summaries
  • Develop security monitoring and advanced lateral movement detection analytics specific to non-traditional technology areas such as global cloud service providers, Docker, Kubernetes, and container-based environments
  • Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, campaigns (phishing/spear phishing/watering hole)
  • Support other Block.one IT and security teams with the analysis of complex security alerts and network traffic to determine the existence or extent of potential threats and remediation / response requirements
  • Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs
  • Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources
  • Develop and maintain behavioral- and signature-based threat-driven use-cases
  • Assess events based on factual information immediately present, available external context and analysis, and wider knowledge and experience with IT systems
  • Proactively drive improvements of internal processes, procedures, and threat and vulnerability management workflows
  • Participate in the testing, recommendation, and integration of new security monitoring and analytical tools
  • Deliver results within given time frames, ensuring work is consistent, well documented, and in-line with team standards at all times
  • Take ownership for the growth of a world-class team and their professional career development

Experience and Qualifications:

  • BS degree in computer science, networking, engineering, or other computer-related field of study or certifications such as GIAC, GCIH, GCFE, GCFA, GREM, GNFA, OSCP, OSCE
  • 8+ years' experience working in an information security or IT operations related field in an enterprise environment
  • Demonstrated experience managing security operations and threat hunting teams with a focus on L3 analysis of events, malware, network forensics, and complex incidents
  • Experience with Splunk or other database query languages (e.g., SQL); ELK experience a big plus
  • Experience creating customized security log analysis and detection capabilities using programming and development expertise, including Java, Python, shell scripting and regular expressions
  • Fluent in the use and monitoring of all major operating system platforms (e.g., Windows, Linux/Unix, Mac)
  • Solid understanding of hosted virtual environments and cloud/container platforms (e.g., vSphere, Kubernetes, AWS, GCP)
  • Experience with network forensics tools (e.g., Wireshark, NetWitness)
  • Specific knowledge of CrowdStrike, Splunk, Proofpoint, and other best-of-breed security tools is critical
  • Deep understanding of TCP/IP and computer networking
  • Knowledge of the functions of security technologies such as IPS/IDS, firewalls, SIEM
  • Experience in the intelligence process, collecting relevant data, creating analytic products, and reporting metrics
  • Experience synthesizing and enriching event data with threat intelligence to create actionable intel
  • Experience creating company specific dashboards, tools and data sets with open source tools (Maltego, MISP, etc.)
  • Prior work experience in financial services or social media / real-time operations environments
  • Ability to work in a fast-paced, high-tech environment juggling multiple priorities while meeting deadlines
  • Must be committed to a culture of continuous improvement and continuous delivery
  • Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment
  • Strong communication, influencing and presentation skills
  • Previous experience running best-in-class Customer Service and Operational Support teams
  • Ability to maintain a positive attitude in high-pressure situations and manage distributed teams with competing priorities and tight deadlines
