Senior Manager - Threat Intelligence Job
Company Name:
Mayo Clinic
Job Posting Number: 34936BR
Job Posting Title: Senior Manager - Threat Intelligence
Job Posting Category: Administration/Management , Business Professional , Engineering/Architecture , Information Technology
Work Site: MN - Rochester
Department: Information Security
Job Description
Just like all organizations, Mayo Clinic is under constant attack by advanced adversaries. Rather than continue to simply respond to alerts, Mayo Clinic is building a threat intelligence program to proactively identify likely threats to our enterprise. The Senior Manager for Threat Intelligence will be charged with developing and maintaining a high level vision for the program.
The threat intelligence program will make heavy use of data mining and artificial intelligence technologies to perform predictive identification of probable threats. The program will also seek to cluster known attacks with the ultimate goal of identifying previously unknown relationships between attacks. Attacker attribution is another key goal of the program. Because not everyone shares your passion for (or understanding of) raw data, you will be charged with developing reporting and visualization programs to ensure that mere mortals can take action on the data.
A successful candidate will have experience with data mining and visualization technologies. The candidate will have briefing skills and be comfortable managing heterogeneous teams. Ideally, the candidate will also have experience with attack attribution, cyber analytics, and adversary research. This role is critical in ensuring that Mayo Clinic is not only the best in healthcare delivery but also in protecting our patients, our data, and our brand.
Basic
Qualifications:
Bachelor's degree in Information Systems, Computer Science, Accounting, Business Administration, Engineering, or related field is required. Minimum of 10 years' experience (8 years' with relevant Master's Degree) in one or more of the following areas is required: Information Security, Information Technology, project management, business or security informatics, audit & assurance, Enterprise Risk Management, Corporate Compliance, security architecture/design strategy, policy or controls development, compliance readiness assessments (i.e. PCI, SOX, HIPAA, etc.), system analysis and implementation, or related function. In addition, a minimum of 3 years of direct supervisory or management experience is required.
Other
Qualifications:
Essential Duties and Responsibilities
Lead threat intelligence team in proactively and reactively identifying security threats
Develop and deliver threat intelligence reports to technical and executive staff
Analyze raw data (e.g. malware, network packets), log information, and written reports and evaluate them for viable threat intelligence
Distinguish and track cyber threat groups, particularly their methodology
Distinguish and track families of malware
Track relevant threat group correlations on a standardized & centralized analytical platform
Investigate and integrate internal and external intelligence sources and feeds into other Information Security groups
Develop and train more junior personnel in the area of threat intelligence
Convey both verbally and in writing:
Reasons an intrusion event should be correlated to a particular threat group
Methodological trends for threat groups and malware families
Distinctive attributes for each tracked threat group
Required Technical Skills
Experience with machine learning techniques and software
Experience with data visualization techniques and software
Experience with Python, DOT, Pandas, and/or Graphviz desired
Mastery in conducting qualitative nalysis on large data sets composed of technical information, especially for patterns or relationships pertaining to groups or individuals
Mastery of tracking threat data targeting corporate resources, staff, and customers
Experience in distinguishing and tracking cyber threat groups based on technical indicators
Knowledge of static and dynamic malware analysis techniques
Experience in performing technical research on the Internet (e.g. exploits, malware families, security whitepapers, operating system specifics)
In depth knowledge of enterprise systems, network and security infrastructure
Other Required Skills
Experience with enterprise data aggregation tools (i.e. SEIM)
Experience in tracking Advanced Persistent Threat groupsExperience with packet capture aggregation tools (i.e. NetWitness)
Ability to identify significant threat group correlations based on technical indicators
Ability to precisely interpret packet data with Wireshark
Ability to precisely interpret common log formats (e.g. Windows Event logs, FTP, Microsoft IIS, SSH)
Ability to precisely interpret a timeline of forensic events (particular Windows file system and Registry) and identify related events and patterns of activity
Ability to precisely interpret reports about a malware sample's features and capabilities
Ability to recognize correlations between malware samples (either raw binary samples or packet captures) that indicate they are part of the same family
Ability to think critically and properly qualify analytic assessments
Ability to provide concise, fact-based communications (both verbal and written)
Ability to master and communicate complex subjects
Ability to work in a team and to establish rapport with internal operations personnel
Ability to work to a deadline, with occasional same-day turnaround
Ability to work with little direct oversight
Ability to break down and solve complex problems with minimal guidance
Tools and Technologies
Python, DOT, Pandas
Machine Learning, Data Mining, Artificial Intelligence
SIEM (LogRhythm, Splunk), NetWitness, EnCase Enterprise
Visualization, Graphviz
License or Certification:
Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire. Mayo Quality Fellow Bronze Level Certification or equivalent experience with Six Sigma/Lean based process improvement is required and Silver Level Certification (or equivalent) is preferred, including planning and facilitating improvement teams.
Benefit Eligible: Yes
Exemption Status: Exempt
Hours/Pay Period: Full Time
Schedule Details: Monday - Friday, 8:00 am to 5:00 pm
Weekend Schedule:
Compensation Detail: Education, experience, and tenure may be considered along with internal equity when job offers are extended.
Staffing Specialist: Jaimee Gertz
Company Statement:
Mayo Clinic provides the highest quality patient care by placing the needs of the patient first. You''ll discover a culture of teamwork, professionalism and mutual respect -- and most importantly, a life-changing career. We invite you to join our diverse team as we provide health, hope and healing to people from all walks of life.
Mayo Clinic is an equal opportunity educator and employer (including veterans and persons with disabilities).
Req ID: 34936BR
Date: Mon, 21 04 2014 00:00:00 GMT
Country: US
State: MN
City: Rochester
Postal Code: 55901
Locale: en_USEstimated Salary: $20 to $28 per hour based on qualifications.
Mayo Clinic
Job Posting Number: 34936BR
Job Posting Title: Senior Manager - Threat Intelligence
Job Posting Category: Administration/Management , Business Professional , Engineering/Architecture , Information Technology
Work Site: MN - Rochester
Department: Information Security
Job Description
Just like all organizations, Mayo Clinic is under constant attack by advanced adversaries. Rather than continue to simply respond to alerts, Mayo Clinic is building a threat intelligence program to proactively identify likely threats to our enterprise. The Senior Manager for Threat Intelligence will be charged with developing and maintaining a high level vision for the program.
The threat intelligence program will make heavy use of data mining and artificial intelligence technologies to perform predictive identification of probable threats. The program will also seek to cluster known attacks with the ultimate goal of identifying previously unknown relationships between attacks. Attacker attribution is another key goal of the program. Because not everyone shares your passion for (or understanding of) raw data, you will be charged with developing reporting and visualization programs to ensure that mere mortals can take action on the data.
A successful candidate will have experience with data mining and visualization technologies. The candidate will have briefing skills and be comfortable managing heterogeneous teams. Ideally, the candidate will also have experience with attack attribution, cyber analytics, and adversary research. This role is critical in ensuring that Mayo Clinic is not only the best in healthcare delivery but also in protecting our patients, our data, and our brand.
Basic
Qualifications:
Bachelor's degree in Information Systems, Computer Science, Accounting, Business Administration, Engineering, or related field is required. Minimum of 10 years' experience (8 years' with relevant Master's Degree) in one or more of the following areas is required: Information Security, Information Technology, project management, business or security informatics, audit & assurance, Enterprise Risk Management, Corporate Compliance, security architecture/design strategy, policy or controls development, compliance readiness assessments (i.e. PCI, SOX, HIPAA, etc.), system analysis and implementation, or related function. In addition, a minimum of 3 years of direct supervisory or management experience is required.
Other
Qualifications:
Essential Duties and Responsibilities
Lead threat intelligence team in proactively and reactively identifying security threats
Develop and deliver threat intelligence reports to technical and executive staff
Analyze raw data (e.g. malware, network packets), log information, and written reports and evaluate them for viable threat intelligence
Distinguish and track cyber threat groups, particularly their methodology
Distinguish and track families of malware
Track relevant threat group correlations on a standardized & centralized analytical platform
Investigate and integrate internal and external intelligence sources and feeds into other Information Security groups
Develop and train more junior personnel in the area of threat intelligence
Convey both verbally and in writing:
Reasons an intrusion event should be correlated to a particular threat group
Methodological trends for threat groups and malware families
Distinctive attributes for each tracked threat group
Required Technical Skills
Experience with machine learning techniques and software
Experience with data visualization techniques and software
Experience with Python, DOT, Pandas, and/or Graphviz desired
Mastery in conducting qualitative nalysis on large data sets composed of technical information, especially for patterns or relationships pertaining to groups or individuals
Mastery of tracking threat data targeting corporate resources, staff, and customers
Experience in distinguishing and tracking cyber threat groups based on technical indicators
Knowledge of static and dynamic malware analysis techniques
Experience in performing technical research on the Internet (e.g. exploits, malware families, security whitepapers, operating system specifics)
In depth knowledge of enterprise systems, network and security infrastructure
Other Required Skills
Experience with enterprise data aggregation tools (i.e. SEIM)
Experience in tracking Advanced Persistent Threat groupsExperience with packet capture aggregation tools (i.e. NetWitness)
Ability to identify significant threat group correlations based on technical indicators
Ability to precisely interpret packet data with Wireshark
Ability to precisely interpret common log formats (e.g. Windows Event logs, FTP, Microsoft IIS, SSH)
Ability to precisely interpret a timeline of forensic events (particular Windows file system and Registry) and identify related events and patterns of activity
Ability to precisely interpret reports about a malware sample's features and capabilities
Ability to recognize correlations between malware samples (either raw binary samples or packet captures) that indicate they are part of the same family
Ability to think critically and properly qualify analytic assessments
Ability to provide concise, fact-based communications (both verbal and written)
Ability to master and communicate complex subjects
Ability to work in a team and to establish rapport with internal operations personnel
Ability to work to a deadline, with occasional same-day turnaround
Ability to work with little direct oversight
Ability to break down and solve complex problems with minimal guidance
Tools and Technologies
Python, DOT, Pandas
Machine Learning, Data Mining, Artificial Intelligence
SIEM (LogRhythm, Splunk), NetWitness, EnCase Enterprise
Visualization, Graphviz
License or Certification:
Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire. Mayo Quality Fellow Bronze Level Certification or equivalent experience with Six Sigma/Lean based process improvement is required and Silver Level Certification (or equivalent) is preferred, including planning and facilitating improvement teams.
Benefit Eligible: Yes
Exemption Status: Exempt
Hours/Pay Period: Full Time
Schedule Details: Monday - Friday, 8:00 am to 5:00 pm
Weekend Schedule:
Compensation Detail: Education, experience, and tenure may be considered along with internal equity when job offers are extended.
Staffing Specialist: Jaimee Gertz
Company Statement:
Mayo Clinic provides the highest quality patient care by placing the needs of the patient first. You''ll discover a culture of teamwork, professionalism and mutual respect -- and most importantly, a life-changing career. We invite you to join our diverse team as we provide health, hope and healing to people from all walks of life.
Mayo Clinic is an equal opportunity educator and employer (including veterans and persons with disabilities).
Req ID: 34936BR
Date: Mon, 21 04 2014 00:00:00 GMT
Country: US
State: MN
City: Rochester
Postal Code: 55901
Locale: en_USEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
