Global Information Security Operations Manager

This is a senior technical lead position that will focus on MLP's security incident response and manage global Security Operations staff. The role will also include maintenance, monitoring and administration of key Information Security technologies. The Information Security Team fosters a collaborative environment and is building a best of breed practice to partner with the business to protect the Firm's information and computer systems.

The successful candidate must have hands–on technical experience in supporting infrastructure platforms and providing leadership to junior members of the team. The role is suited to individuals with prior experience developing and implementing security procedures and controls as well as management experience in a Security Operations Center (SOC) environment. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority which makes this role very challenging.

Principal Responsibilities

• Responsible for the daily operation of enterprise security systems including SIEM, SOAR, Elastic, ticketing, alerting, and messaging systems.
• Manage junior level analysts in the daily operation of enterprise security systems including shift rotations and hand–offs.
• Work closely with Managed Security Providers (MSP) to maintain runbooks, escalation procedures, and consume available threat intelligence.
• Utilize detective controls to develop rules and alerts to drive security monitoring.
• Perform hunt activities across our log aggregation and SIEM platforms.
• Recommend, test, tune and implement SIEM and other tooling correlation rules.
• Identify false–positives from alerting, and perform incident response, triage, incident analysis and remediation tasks.
• Recommend and develop new SIEM use cases/rules with engineering teams.
• Maintain documentation for the SOC function, including training program for new Security Operations personnel.
• Participate in Information Security Incident Response activities for the Firm's environment.
• Enforce security policies and procedures by administering and monitoring appropriate systems, events and answering client queries.
• Perform threat and vulnerability management functions including vulnerability scans and/or analyze results of scans and assist with remediation as required.
• Collaborate with the Information Security Team to consume feeds from a suite of security tools including AV, Advanced Malware Detection, SIEM, IDS, Vulnerability scanners, etc.
• Ensure MLP enterprise security products are functioning and protecting the environment as expected while providing stability and maintaining policies and procedures.
• Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to Millennium key business initiatives and business strategies.
• Provide technical support to IT staff in the detection and resolution of security problems.
• Develop and maintain documentation of all Security products including specific tools, technologies and processes.

Qualifications/Skills Required

• Experience performing security monitoring and incident response and triage work in a 24/7 environment.
• Experience with people management in a technical role, preferably in a SOC setting.
• Experience with ticketing systems and API integration work.
• Hands–on experience with one of the major SIEM platforms in use i.e Splunk, Q1Radar, etc
• Excellent understanding of common exploit scenarios and indicators of compromise (IOCs)
• Log analysis and experience reviewing security events.
• Ability to manipulate data and produce relevant metrics and reporting around security incidents.
• Excellent understanding and experience across broad spectrum of technologies – including operating system, cloud, Active Directory, Group Policy, DNS, Messaging.
• High level understanding of internetworking, data transmission and encryption protocols.
• Experience with vulnerability management scanning platforms.
• Ability to handle sensitive and/or confidential materials with appropriate discretion.
• Scripting and development skills (Python, Powershell, VBscript, Rest a plus).
• Possess a passion for Information Security and Technology.
• Able to prioritize in a fast moving, high pressure, constantly changing environment; High sense of urgency
• Ability to communicate and collaborate across technology teams.
• Bachelor's degree (Computer Science or Engineering preferred) with strong IT background.
• Have substantial experience working in a technical role and extensive experience concentrating on Information Security, financial industry
• At least one security certification (CISSP, CEH, GCIA, CISM, etc.).