Information Security Manager

Permanent

Friedman Williams

Information Security Manager, New York, NY

Job ID: 19954

The Manager of Information Security is responsible for the leadership and development of the Global Information Security program.

Lead and Manage Engineering Team: Oversee a high-performing team of security engineers, driving the execution of security projects, incident response, and vulnerability management across systems and applications.

Hands-on Technical Leadership: Directly engage in hands-on engineering tasks, including designing, implementing, and reviewing security architectures, tools, and systems to mitigate risk and strengthen infrastructure.

Security System Development and Implementation: Take ownership of developing and deploying security solutions, including firewalls, intrusion detection systems, encryption technologies, and access control mechanisms.

Threat Hunting and Vulnerability Management: Lead proactive threat hunting efforts and oversee vulnerability scanning, assessment, and remediation to identify and address security gaps before they impact the organization.

Engineering Team Development: Cultivate and nurture a highly skilled security engineering team by mentoring, conducting knowledge sharing sessions, and promoting a culture of continuous improvement.

Incident Response and Root Cause Analysis: Lead the technical response to security incidents, ensuring effective identification, containment, and resolution of threats, while conducting root cause analysis for long-term mitigation.

Security Automation and Tooling: Drive the development and integration of automation solutions to improve the efficiency and effectiveness of security operations, including SIEM tools, incident management, and threat detection systems.

Collaboration on Product Security: Partner with development teams to embed security in the software development lifecycle (SDLC), ensuring secure coding practices, conducting code reviews, and supporting secure application deployment.

Security Architecture and Design Reviews: Conduct regular security reviews of system architectures and designs, ensuring that new projects and features adhere to security best practices and organizational objectives.

Qualifications
• Minimum 10+ years of experience in Information Security, including experience in enterprise-scale threat management programs such as threat hunting, incident response, and forensics.
• Hands-on experience in designing and implementing technical solutions of IT Security tools at the enterprise level – e.g. Endpoint Security, Network Security, SIEM modeling, Vulnerability Management, etc.
• Demonstrated hands-on experience in full cycle of incident response and post-incident activities – including prevention steps and building detection alerts.
• Experience working with cyber threat intelligence and the MITRE ATT&CK framework.
• Experience with SIEM technologies, including administration and analyst operation of SIEM within SOC functionality.
• Ability to parse logs, create queries, and perform root cause analysis of events.
• Understanding of malware, emerging threats, attacks, and vulnerability management.
• Working experience with various security control technologies, such as IDS/IPS, network and host-based firewalls, DLP (Data Leakage Protection), encryption solutions, and endpoint security.
• Knowledge of networking components and various operating systems and cloud environments and understanding their security principles and technologies.
• Excellent communication, troubleshooting, and analytical thinking skills are critical, as are being self-driven, multi-tasking, working collaboratively in a team environment, and a willingness to adapt to change in a dynamic, global environment.
• Participate in a 24×7 Incident Response Team and be available to work evenings and weekends as needed.
• Hands-on experience with cloud platform security (AWS, Azure) a plus.
• Programming / scripting experience with Python, PowerShell, etc. a plus.
• Bachelor’s Degree and current industry Certifications (must be current):

Required:

• Certified Information System Security Professional – CISSP

Nice to have
• SANS: GIAC, GNFA, GCFA, GPEN, GCDA, GCIH, etc.
• Certified Ethical Hacker – CEH
• Cisco Certified Network Associate – CCNA
• Cisco Information Security Specialist (CQS)
• Cisco Certified Firewall Specialist – CQS
• Cisco IPS Specialist (CQS)

If interested, please send your resume to Todd Grossman at: tgrossman@friedmanwilliams.com
