IT Security Operations Manager

Job Description 

The Security Operations Manager plays a key role in the proactive monitoring, identification, analysis, and remediation of security vulnerabilities within the company's systems and infrastructure. This hands-on role will be responsible for day-to-day operations, including the monitoring of Workleap's security infrastructure, recommending specific measures that can improve the company’s overall security posture, and ensuring the organization's systems & data are protected. 

So, what will your new role look like? 

• Take direct responsibility for protecting the organization's digital assets, through hands-on management of both cloud and on-prem security infrastructures.  
• Continuously monitor security events and alerts from various sources within the enterprise's environment, including network traffic, firewall logs, and intrusion detection systems. Analyze these events to identify any signs of unauthorized access, insider threats, or other malicious activities. 
• Serve as a key player in the initial response to any detected security incidents. Follow established procedures for incident escalation and resolution. Document and manage incidents from initial detection through final resolution, including steps taken for mitigation and recommendations for preventing future occurrences.  
• Stay informed about the latest cybersecurity threats and vulnerabilities. Analyze threat intelligence reports and feeds to understand how emerging threats might impact the organization. Use this information to help refine security monitoring strategies and improve defenses.  
• Participate in vulnerability management and penetration testing activities to identify weaknesses within the organization’s systems and applications. Work with IT and development teams to prioritize and remediate identified vulnerabilities according to the risk they pose. 
• Manage and configure security monitoring tools and technologies, such as SIEM (Security Information and Event Management) systems, antivirus software, and intrusion detection/prevention systems. Ensure these tools are optimized to detect and respond to threats effectively. 
• Creates documentation and planning for all security-related information, including secure procedures, security guides, cybersecurity incident response and helping teams draft their disaster recovery plans.   

As a functional lead, in addition to main responsibilities:  

• Contributes to defining the team's objectives, in alignment with department and function objectives. 
• Serves as a key mentor and guide, utilizing extensive technical expertise to support and elevate team members' growth. 
• Actively contributes to the creation and implementation of operational milestones that are critical for achieving strategic objectives, with a focus on aligning these efforts with the organization's broader goals.  
• Acts as an example to other team members by delivering results with great quality and high velocity.  
• Addresses complex issues by conducting thorough analyses, demonstrating a deep understanding of all relevant variables to find effective solutions. 
• Lead by example in initiating and driving forward projects within the team that aim to continually refine and advance practices. 

What does your future team look like?   

The current security team consists of 1 Security Analyst, 2 Appsec Specialists and 1 GRC Specialist. The future managers will have a direct input into the composition of their respective teams. We see a significant growth for this team to double in size this year. 

Qualifications 

•  7+ years of experience in various cyber security functions (Infrastructure Security, Vulnerability and Patch Management, Network Security, Incident Management, Cloud Security, Data Security, Threat Intelligence);
•  Hands-on experience in security operations and incident response;
•  A minimum of 3 years of experience in leading and managing projects and teams;
•  Comprehensive understanding of enterprise security architecture and tools;
•  Extensive experience with SIEM, EDR, IDS/IPS, Active Directory, VM and other related solutions;
•  Industry-related security certification is preferred (CEH, Security+, CISM, CISSP);
•  Extensive experience of cloud environments is preferred (AWS, Azure);
•  Knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, , LAN/WAN, and TCP/IP;
•  Scripting knowledge in Python and PowerShell;
• Strong client communication skills to include verbal and written communication.