Senior Director, Cyber Threat Operations
The Cyber Threat Operations (CTOps) leader is responsible for managing activities relating to monitoring and responding to security events. Additionally, this position is responsible for the development and oversight of the CTOps program to ensure personnel are managed and operational efficiencies are maintained. An Information Security leadership team position, the CTOps leader works with multiple technology platforms and interfaces with other groups within IT security operations, IT security architecture, any offshore partners, and other technology and business functions.
The scope of duties for the CTOps leader’s organization includes overseeing: CSOC, Global CSIRT, Analytics, SOAR & SIEM, Threat Detection & Response (XDR/EDR/NDR), Threat Hunt, eDiscovery & Forensics, Intelligence & HVT Program, Cyber Behavior Monitoring (DLP), Vulnerability Scanning & Management, Threat Reporting, and Malware Reverse Engineering.
The role requires technical competence and experience managing diverse teams. Additionally, the role requires familiarity with recent threats and adversarial techniques, as well as the ability to quickly understand complex environments. Business and interpersonal skills are essential to manage risk to the business, interface with other business units and develop CSOC analysts. The CTOps leader contributes to the company's information and digital security strategy and roadmap and is an excellent communicator at both the staff and executive levels.
- Manage a team of associates with onsite and offsite contractors to monitor for and respond to security events 24x7x365.
- Provide cybersecurity incident response leadership, as well as running postmortem exercises.
- Create measurable benchmarks for the organization to show progress (or deficiencies requiring additional attention).
- Plan and conduct regular incident training, such as tabletop exercises, that includes all members of the extended response team to foster familiarity with the incident plan and procedures and to build team skills. Conduct these exercises at different levels, including senior management and the technical team.
- Automate repetitive tasks and drive efficiencies so analysts can work on more advanced tasks.
- Manage security event investigations, partnering with other departments as needed.
- Evaluate and update CSOC, Threat Operations and User Behavior Monitoring policies and procedures as appropriate.
- Integrate threat intelligence into cyber threat operations.
- Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of CSOC and Threat Operations activities.
- Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Manage career development for a team of associates, including training and mentoring, conducting performance reviews and exhibiting behaviors to be modeled by team members.
- Implement a “talent pipeline” to develop skills and capabilities for associates, ranging from interns to Level IV analysts.
- Perform other duties as assigned.
Education & Experience:
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent.
- At least 10 years of information security monitoring and response or related experience.
- Experience managing people, including technical staff.
- Experience managing a 24x7 operational environment.
- Focus on recruiting, developing and retaining employees.
- Excellence in communicating business risk from cybersecurity issues.
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Experience managing security information and event management (SIEM) systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.
- Experience in investigations using formal chain-of-custody methods, forensic tools and best practices.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- CISSP (required); CISM and/or SANS certification a plus.
- Highly effective communicator with ability to influence business units.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Leverages strategic and tactical thinking.
- Works calmly under pressure and with tight deadlines.
- Demonstrates effective decision-making skills.
- Is highly trustworthy; leads by example.
- Track record of successful personnel management.
Vertex is a global biotechnology company that invests in scientific innovation.
Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.
Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager, or contact Talent Acquisition at ApplicationAssistance@vrtx.com.