Security Operations Center (SOC) Team Leader - NH ISAC, Inc. Titusville, FL, USA

Listing Description

H-ISAC Security Operations Center (SOC) Team Lead Job Description

About H-ISAC

The Health Information Sharing & Analysis Center (H-ISAC) is a trusted community of critical infrastructure owners and operators within the Health Care and Public Health sector. The community is focused on sharing timely, actionable and relevant information including threat intelligence, incidents and vulnerabilities that can include indicators of compromise (IOCs), tactics, techniques and procedures (TTPs) of threat actors, best practices, mitigation strategies and other valuable material. H-ISAC fosters the building of relationships and networking through a number of conferences, workshops and educational events to facilitate trust.

H-ISAC’s mission is to enable and preserve the public trust by advancing cyber and physical security protection and resilience of the global health sector. H-ISAC works with international CERTs, other ISACs, governments, law enforcement, vendors and associations such as HIMSS, MDISS, EHNAC and CHIME.

Job Overview

The Security Operations Center (SOC) Team Lead will help build and then run the H-ISAC’s Cyber and Physical Security Operations services delivered to member organizations. The candidate should be a self-starting, highly motivated individual who can operate with little oversight and excel in a dynamic environment.

The SOC Team Lead will be in a unique position to help build out a new Security Operations Center capability at the H-ISAC headquarters in Titusville, FL. The SOC Team Lead will define, implement and deliver Cyber and Physical Security Services to H-ISAC members which are consistent with the long-term goals and objectives of the H-ISAC and its Board of Directors – to attract and retain members, operate with execution excellence, and deliver community defense for the healthcare sector.

The SOC Team Lead will manage a team of intelligence analysts and will partner with H-ISAC subject matter experts to deliver cyber and physical threat reports to the broader H-ISAC membership. The SOC Team Lead will serve as a practitioner and team lead while building out and then running day-to-day SOC services. The SOC Team Lead will be responsible for recruiting, hiring and leading the threat intelligence analyst staff. The SOC Team Lead will report to the H-ISAC Chief Security Officer (CSO). The candidate will be in a unique position to develop a new operations center and improve services while increasing their own level of professional responsibilities and set of experiences.

Essential Duties and Responsibilities:

• Help build and implement commercial products and information / intelligence services to enable SOC functions.

• Develop and deliver cyber and physical threat intelligence products for H-ISAC members and subscribers, including strategic and tactical reports specific to the healthcare sector. Tactical reports include threat, event and incident driven reports. Other regular reporting includes, for example, Daily Cyber Headlines, Weekly Threat Updates, Monthly Threat Briefing and an Annual Threat Landscape.

• Manage the daily operational aspects of the H-ISAC SOC. Operate and maintain the H-ISAC SOC to provide Cyber and Physical Threat Intelligence and Geopolitical Intelligence and analysis to H-ISAC members.

• Stay up-to-date and evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to evaluate the risk in the context of the healthcare sector to mitigate risk.

• Oversee H-ISAC response and member support activity during incident response including malware outbreaks, zero day vulnerabilities and other major security events.

• Synthesize and analyze H-ISAC member sharing data and relevant commercial and open source feeds to provide trending analysis and a regular annual report.

• Collaborate with H-ISAC teams to deliver informative content to H-ISAC members, cross sector entities and public sector partners.

• Facilitate information security awareness within H-ISAC member organizations including, for example, training and analyst exchange events at the H-ISAC SOC.

• Provide leadership and manage SOC analysts. Serve as a mentor, coach and facilitator to develop a world class cyber threat intelligence analysis team.

• Develop and maintain an annual budget for operational costs.

• Coordinate with other departments on exercises, programs, and workshops, as needed.

• Develop metrics and Key Performance Indicators (KPIs) to monitor and measure SOC performance and to enable efforts for continuous improvement.

• Occasional need to work varied shifts, including weekends and holidays, in support of incidents or other events.

Qualifications

• Bachelor’s degree in Information Systems, Computer Science, or a related discipline.

• At least 5 years working in Information Security Technology or Cyber Threat Intelligence or related discipline or equivalent work experience.

• Demonstrated success in delivering technology capabilities with a desire to think creatively and produce results.

• Working knowledge of Microsoft Office products with focus in Excel, Access, and Visio; SharePoint experience a plus.

• Experience with advanced intelligence analytics tools such as IBM/i2’s Analyst Notebook, Paterva/Maltego, Mitre CRITs, etc.

• Working knowledge of Mitre's STIX™, TAXII™, and ATT&CK™, Lockheed Martin’s Cyber Kill Chain®, Diamond Model of Intrusion Analysis

• Experience with Soltra, Perch or other automated information sharing platforms

• 2+ years experience using a Cyber Threat Intelligence Platform such as Anomali, ThreatQuotient or ThreatConnect.

• Familiar with threat intelligence service providers and methodologies including Traffic Light Protocol (TLP) to preserve classification and information handling requirements.

• At least 2 years of demonstrated experience in Information Security, Incident Handling, Malware Research, Hacker Techniques, and Incident Handling training and/or certification (CISSP, GCIH, SANS GIAC, etc.).

• High interest and ability to manage a technology focused staff

• Excellent analytical, troubleshooting, written and verbal communication skills.

• Ability to interact with H-ISAC members and subject matter experts while balancing business imperatives.

• Ability to communicate technical issues to technical and non-technical audiences.

• Ability to balance multiple demands and lead a team to develop solutions in a fast-paced environment.

• Experience developing and maintaining policies, procedures, standards and guidelines.

• Highly motivated team player, eager to learn new skills; take on expanded roles and expanded responsibility.

Listing Details

  • Salary: $110000 - $130000
  • Citizenship: US Citizen
  • Incentives: Bonus
  • Education: Bachelor's Degree
  • Travel: Travel 25
  • Telework: No Telecommute


