Manager - IS Threat Response (1.0 FTE, Days)

This job posting is no longer active

Category: Information Technology
Job Type: Full-Time
Shift: Days
Location: Menlo Park CA 94025
Req: 8611
FTE: 1

Information Technology

1.0 FTE, 8 Hour Day Shifts

At Stanford Children’s Health, we know world-renowned care begins with world-class caring. That's why we combine advanced technologies and breakthrough discoveries with family-centered care. It's why we provide our caregivers with continuing education and state-of-the-art facilities, like the newly remodeled Lucile Packard Children's Hospital Stanford. And it's why we need caring, committed people on our team - like you. Join us on our mission to heal humanity, one child and family at a time.

Job Summary 

Reporting to the Chief Information Security Officer (CISO), the Threat Response Manager will lead all aspects of the Cyber Emergency Response Team (CERT), Threat Detection, Analysis and Response program, Insider Threat Investigations and manage the Security Operations Center (SOC) team. The manager will manage a small dedicated team, matrix-managed crisis response teams and an outsourced managed services team. The manager is expected to be a hands-on manager with overall responsibility for the team’s performance and duties.

The manager is responsible for advising senior leadership on all applicable threat response and investigatory matters as well as the prevailing and emerging threat landscape. The manager leads an expanded response team (IT, Legal, Human Resources and other business stakeholders) to assure effective threat response, communication and mitigation strategies are tested and in place. The manager will be a strong manager/leader who is exceptionally imaginative, collaborative, and truly excited about enabling Stanford Children’s Health to achieve our mission of providing Extraordinary Care, Continual Learning and Breakthrough Discoveries.

Essential Functions

The manager will be responsible for three primary sub-programs (Threat Detection and Response; Insider Threat Investigations; Predictive Threat Analytics and Intelligence) and for other pertinent duties as assigned by the CISO.

Threat Detection and Response

  • Leads the CERT and manages incidents through to conclusion, including but not limited to conducting post mortem analysis and developing preventative actions

  • Ensures appropriate tools and services are in place to rapidly detect and respond to threats to SCH, Stanford Medicine and our trusted partners

  • Analyzes network, system, and security events to determine whether an incident has occurred and leads appropriate response actions

  • Creates detailed reports on incidents within the enterprise to include trends, remediation steps taken, and feedback on how to prevent future incidents

  • Manages and directs the efforts of the outsourced SOC

  • Ensures threat response plans are in place and regularly exercised 

  • Develops, documents and manages containment strategies, recommending actions to mitigate the risk associated with intrusion attempts

  • Researches, implements and maintains proficiency in response and detection tools, countermeasures and attack method trends 

  • May work with Federal and/or state and local law enforcement agencies 

Insider Threat Investigations 

  • Conducts cyber-forensic investigations of digital evidence and relevant information in response to pre/post attacks, to reconstruct events and develop an understanding of the intent, objectives and activities of threat actors

  • Provides unbiased digital evidence to appropriate parties in support of active investigations 

  • Ensures appropriate tools are in place to identify potential insider threat to Stanford Children’s Health

Predictive Threat Analytics and Intelligence

  • Identifies advanced persistent threats by performing relevant research and data analysis

  • Assesses threats to the environment and provides applicable feedback into the design of our security architecture

  • Reviews cyber intelligence and threat data from both internal and external sources to develop in-depth analysis and threat assessments for company networks. 

Minimum Qualifications

Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying. 

Education: BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university. CISSP, GIAC, or other security certifications preferred (willingness to obtain CISSP within first year is desirable). 

Experience: 5 or more years of experience in Information Security (8+ years preferred), with 5+ years in an incident response, SOC lead, or penetration tester role.

CISSP and GIAC Certified Incident Handler certifications desired.

Knowledge, Skills, and Abilities:

Technical Skill/Experience

  • Advanced knowledge of the threat landscape and threat intelligence methodologies

  • Demonstrated ability to make decisions on remediation and counter measures

  • Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies

  • Working knowledge of threats to cyber security and understanding of the tools and tactics utilized by threat actors

  • Experience with one or more scripting languages (Perl, Python, or other) in an incident response environment

  • Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving

  • Desktop, server, application, database, and network security hardening principles and practices for threat prevention 

  • Knowledge of information security standards (e.g., ISO 17799/27002) and of rules and regulations related to information security and data confidentiality (e.g., HIPAA, PCI DSS)

  • Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner. 

  • Excellent verbal and written communication skills and ability to present succinct and fact-based communications to diverse audiences of varying organizational levels including the executive board. 

  • Strong analytical and problem-solving skills and ability to use independent judgment to make sound, justifiable decisions and act to solve problems. 

  • Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product 

  • Ability to plan, organize, prioritize and work both independently and within a collaborative team environment to meet deadlines.

  • Working knowledge of local, state and federal regulatory requirements related to areas of functional responsibility.

This position requires some weekend and evening work as well as availability during off-hours for participation in scheduled and unscheduled activities. The manager should be prepared to back up the Chief Information Security Officer, as necessary. 
Equal Opportunity Employer

Lucile Packard Children’s Hospital Stanford strongly values diversity and is committed to equal opportunity and non-discrimination in all of its policies and practices, including the area of employment. Accordingly, LPCH does not discriminate against any person on the basis of race, color, sex, sexual orientation or gender identity, religion, age, national or ethnic origin, political beliefs, marital status, medical condition, genetic information, veteran status, or disability, or the perception of any of the above. People of all genders, members of all racial and ethnic groups, people with disabilities, and veterans are encouraged to apply. Qualified applicants with criminal convictions will be considered after an individualized assessment of the conviction and the job requirements, and where applicable, in compliance with the San Francisco Fair Chance Ordinance.