Company's Cybersecurity Architecture team is responsible for global Cybersecurity workflow automation and architecture in a highly regulated, critical financial infrastructure environment. This group heavily influences and implements the platforms that company0 depends on for its defense, and ensures those platforms are reliable and highly available. The Cybersecurity Architecture Manager heads the team responsible for identifying, evaluating, deploying, and continuously optimizing security platforms, as well as monitoring control coverage and effectiveness.
- Uses experience and hands-on contribution to guide architecture and engineering of Cybersecurity controls, decision making, and analytics
- Empowers team members to identify the best commercial and open source tools and processes to accomplish their mission
- Oversees Architecture team and program identifying opportunities for process improvement in prevention, detection, triage and efficiency
- Recruits, retains, and motivates highly-talented staff and balances the need to allocate tasks efficiently with the need to keep talent engaged, challenged, and growing
- Committed to continuous education and being a recognized industry leader in Security
- Security Analytics - Designs and maintains the security data flow from network endpoints through aggregation, retention, parsing, SIEM correlation, and data lake mining
- Behavioral Analysis - Identifies and implements tools to baseline activity and alert on or limit suspicious activity and insider threats across networks, databases, data, and users
- Intrusion Detection and Prevention - Maintains commercial and open source wired and wireless infrastructure, tuning rules to limit false positives and keep up with new threats while producing actionable data
- Content Filtering and Advanced Threat Protection - Designs and adjusts egress content filtering and advanced network- and endpoint-based malware prevention and detection controls
- Visualization - Identifies new solutions and enhances existing open source and bespoke visualization toolsets to identify trends, compress event triage, understand data flows, identify anomalies, and automate reporting and analysis
Knowledge and Experience
- University degree in Engineering, MIS, CIS, or related discipline
- 7+ years of relevant experience
- Deep hands-on experience with Systems Administration and/or IP Networking
- Experience supporting an advanced software development organization
- Experience in an exchange, trading facility, or financial services
- Experience mentoring peers within groups and individually
Specific Technologies: Windows, Linux, and Mac endpoint detection and analysis. Data collection, normalization, indexing, correlation, and visualization. Packet capture, protocol identification, and analysis. Network, application, and log-based behavioral detection tools. DNS and application-level content filtering. SMTP content, header, and attachment detection, filtering, and analysis. Scripting, regular expressions, string parsing, light SDLC, and project management.