Manager - IS Threat Response (1.0 FTE, Days)
1.0 FTE, 8 Hour Day Shifts
At Stanford Children’s Health, we know world-renowned care begins with world-class caring. That's why we combine advanced technologies and breakthrough discoveries with family-centered care. It's why we provide our caregivers with continuing education and state-of-the-art facilities, like the newly remodeled Lucile Packard Children's Hospital Stanford. And it's why we need caring, committed people on our team - like you. Join us on our mission to heal humanity, one child and family at a time.
Reporting to the Chief Information Security Officer (CISO), the Threat Response Manager will lead all aspects of the Cyber Emergency Response Team (CERT), Threat Detection, Analysis and Response program, Insider Threat Investigations and manage the Security Operations Center (SOC) team. The manager will manage a small dedicated team, matrix-managed crisis response teams and an outsourced managed services team. The manager is expected to be a hands-on manager with overall responsibility for the team’s performance and duties.
The manager is responsible for advising senior leadership on all applicable threat response and investigatory matters as well as the prevailing and emerging threat landscape. The manager leads an expanded response team (IT, Legal, Human Resources and other business stakeholders) to ensure that effective threat response, communication and mitigation strategies are tested and in place. The manager will be a strong manager/leader who is exceptionally imaginative, collaborative, and truly excited about enabling Stanford Children’s Health to achieve our mission of providing Extraordinary Care, Continual Learning and Breakthrough Discoveries.
The manager will be responsible for three primary sub-programs (Threat Detection and Response, Insider Threat Investigations, and Predictive Threat Analytics and Intelligence) as well as other pertinent duties as assigned by the CISO.
Threat Detection and Response
Leads the CERT and manages incidents through to conclusion, including but not limited to conducting post mortem analysis and developing preventative actions
Ensures appropriate tools and services are in place to rapidly detect and respond to threats to SCH, Stanford Medicine and our trusted partners
Analyzes network, system, and security events to determine whether an incident has occurred and leads appropriate response actions
Creates detailed reports on incidents within the enterprise to include trends, remediation steps taken, and feedback on how to prevent future incidents
Manages and directs the efforts of the outsourced SOC
Ensures threat response plans are in place and regularly exercised
Develops, documents and manages containment strategies recommending actions to mitigate the risk associated with intrusion attempts
Researches, implements and maintains proficiency in response and detection tools, countermeasures and attack method trends
May work with Federal and/or state and local law enforcement agencies
Insider Threat Investigations
Conducts cyber-forensic investigations of digital evidence and relevant information before and after attacks, to reconstruct events and develop an understanding of the intent, objectives and activities of threat actors
Provides unbiased digital evidence to appropriate parties in support of active investigations
Ensures appropriate tools are in place to identify potential insider threat to Stanford Children’s Health
Predictive Threat Analytics and Intelligence
Identifies advanced persistent threats by performing relevant research and data analysis
Assesses threats to the environment and provides applicable feedback into the design of our security architecture
Reviews cyber intelligence and threat data from both internal and external sources to develop in-depth analysis and threat assessments for company networks.
Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying.
Education: BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university. CISSP, GIAC, or other security certifications preferred (willingness to obtain CISSP within first year is desirable).
Experience: 5 years or more experience in Information Security (8+ years preferred) with 5+ years in an incident response, SOC lead, or penetration tester role
CISSP and GIAC Certified Incident Handler certifications desired.
Knowledge, Skills, and Abilities:
Advanced knowledge of the threat landscape and threat intelligence methodologies
Demonstrated ability to make decisions on remediation and counter measures
Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies
Working knowledge of threats to cyber security and understanding of the tools and tactics utilized by threat actors
Experience with one or more scripting languages (Perl, Python, or other) in an incident response environment
Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving
Desktop, server, application, database, and network security hardening principles and practices for threat prevention
Knowledge of information security standards (e.g., ISO 17799/27002), and of rules and regulations related to information security and data confidentiality (e.g., HIPAA, PCI DSS)
Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner.
Excellent verbal and written communication skills and ability to present succinct and fact-based communications to diverse audiences of varying organizational levels including the executive board.
Strong analytical and problem-solving skills and ability to use independent judgment to make sound, justifiable decisions and act to solve problems.
Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
Ability to plan, organize, prioritize and work both independently and within a collaborative team environment to meet deadlines.
Working knowledge of local, state and federal regulatory requirements related to areas of functional responsibility.
This position requires some weekend and evening work as well as availability during off-hours for participation in scheduled and unscheduled activities. The manager should be prepared to back up the Chief Information Security Officer, as necessary.
Equal Opportunity Employer