Grp Mgr,Information Security
- Sydney, New South Wales, Australia
- Permanent, Full-time
- BNY Mellon
- 17 July 2018
SOC Regional Team Manager
This position is for a "working manager" who will both (1) directly supervise and manage a team of SOC Analysts, and (2) regularly demonstrate technical thought leadership while performing SOC analyst work similar to that of the team he manages.
This role exists to supplement the firm's growing cyber security monitoring function, including the local expansion of the team from 1 shift to 2 shifts per day.
The standard target work schedule for this role is Monday to Friday, 8am-4pm local time, with regular on-call duties (e.g. 1 week on / 3 weeks off as 24x7 SOC On-Call Manager) and 24x7/365 (as-needed) Emergency Incident Response on-call duties. The actual work schedule may differ from the standard target schedule as needed to complete assigned or committed work.
This position is one of several SOC Manager roles that work cooperatively to enable effective, global SOC operations.
The supervisory aspects of the role include (but are not limited to) responsibility for goal-setting and performance review of staff, staff engagement, training and retention, team scheduling and out-of-office request handling, and any delegated expense request processes.
The technical thought leadership aspects of the role include (but are not limited to) encouraging and influencing the team and, where necessary, developing formal processes to ensure that the combination of team, tools and process is effective at providing first-level triage (investigative response) for security events.
The overall team scope within the security event lifecycle includes:
• Confirming event collection, enrichment and correlation, and escalating issues to a separate SIEM engineering team
• Triaging alerts to eliminate false positives, including analysis of network data (e.g. packets, logs) and endpoint data (e.g. logs, malicious artifacts) using both structured and unstructured methods
• Triggering standard detective and corrective responses
• Escalating impactful security incidents and providing investigative support to other Security Operations teams, such as the Incident Management and Forensics Response teams
• Working with business application and infrastructure owners to expand the scope of coverage of the security monitoring service based on business use cases or changes in the threat landscape
• Providing feedback to security control owners to help tune systems based on the results of triage and investigations
• Improving the service level for security operations and monitoring, and creating and maintaining system documentation for security event processing
• Developing use cases to automate and streamline handling of repeatable events
• Designing test logic that synthetically validates that security tools are properly instrumented and that use cases are properly configured to alert as expected
• Providing reporting and metrics around security monitoring by designing dashboards for asset owners and management consumption
Bachelor's degree in computer science or a related discipline, or equivalent work experience, is required; an advanced degree is preferred. 8-10 years of experience in information security or related technology is required. Experience in the securities or financial services industry is a plus.
• Strong verbal and written communication skills, including the ability to provide technical thought leadership on security incident investigation calls with other technology teams, and the ability to translate complex technical concepts into plain English for consumption by non-technical audiences
• Fundamental understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP, ICMP, etc.), and comfort analyzing packet capture (pcap) files in tools such as Wireshark
• Understanding of network, desktop and server technologies, including experience with network intrusion methods, network containment and segregation techniques, and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS)
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity Employer.
Primary Location: Australia-New South Wales-Sydney
Job: Information Technology
Internal Jobcode: 60287
Organization: Information Security-HR11724
Requisition Number: 1809121