Security Operations Vice President- Threat Detection Engineer

Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.

As a Security Operations Vice President in Cybersecurity & Tech Controls, you will contribute significantly to safeguarding the organization's digital assets and infrastructure by proactively detecting, assessing, and responding to threats, vulnerabilities, and security incidents. This team is responsible for enhancing the firm's ability to assess and mitigate Insider Threat Technology Risk through advanced pattern-based and behavior-based detections. This expanded team, known as Global Technology Insider Threat, acts as the central authority for assessing Insider Risks within the Global Technology domain, serving as the primary point of contact for all technological Insider Threat detections and referrals. Our commitment is to proactively hunt insider threats using cutting-edge intelligence, develop sophisticated detection logic, and implement behavior-based detections to safeguard the firm's invaluable assets and data. By leveraging the expertise of our broader Cybersecurity Operations and Global Security teams, we ensure swift and effective incident response. Our goal is to foster a secure and resilient IT environment, maintaining the highest standards of protection and trust for our organization.

**Job responsibilities**
- Execute and influence the design of comprehensive security strategies, policies, and procedures to enhance threat detection capabilities and protect the organization's digital assets and infrastructure from cybersecurity threats.
- Proactively monitor and analyze complex data and systems to identify indicators of vulnerabilities and compromises, utilizing advanced tools and techniques to detect anomalies and contribute to the development of strategies for security investigation, threat mitigation, and incident response.
- Collaborate with cross-functional teams to ensure a coordinated approach to security, sharing insights, and promoting best practices across the organization.
- Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.
- Utilize various data elements from a library of control objectives and procedures, threat behavior and likelihood assessments, prevention and detection policies, and security log data feeds to identify potential insider threats. Recommend appropriate mitigation strategies based on your analysis.
- Actively search for insider threats using advanced intelligence and sophisticated correlation searches to protect the firm's assets and data.Create and implement customized pattern-based and behavior-based detection strategies to identify and mitigate insider threats within the organization.

**Required qualifications, capabilities, and skills**
- Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
- Formal training or certification on security concepts and 5+ years of applied experience in cybersecurity operations, with a focus on threat detection, incident response, and security infrastructure management.
- Demonstrated expertise in multiple security domains, including network security, malware analysis, threat hunting, and security architecture and design, with proficiency in using Security Information and Event Management (SIEM) tools and advanced analytics techniques.
- Advanced knowledge of network and infrastructure configuration/security, including experience in designing and implementing security solutions for on-prem, cloud, or hybrid environments.
- Good hands on experience in designing and implementing user behavior analytics (UBA) and AI/ML methodologies to detect anomalies.
- Proficient in identifying attacks through log analysis and develop and maintain insider threat detection tools and methodologies.
- Good working knowledge of designing and automating security workflows, working with cloud services, containerization, and orchestration tools.Good understanding of cybersecurity organization practices, operational risk management processes, security controls, architectural design, engineering threat detections, and incident response methodologies.

**Preferred qualifications, capabilities, and skills**
- Experience in security operations, detection engineering, and risk management.
- Experience in automation and cloud technologies.
- Experience with statistical models, data loss prevention, and both endpoint and network security.
- Certifications such as CISSP, CISM, or SANS (GCIA, GCIH, GCDA, GDAT).
- Experience in the financial services or similar industry and their IT systems.