This job has expired

Security Operations Center Manager





Position Title

Security Operations Center Manager

The Opportunity

This position has the primary responsibility for the Mines cybersecurity monitoring and incident response functions as carried out through the Mines Security Operations Center (SOC). The SOC is staffed by student security analysts who report to the SOC Manager. The SOC Manager trains the student analysts and develops and maintains automated workflows and playbooks for the student security analysts to follow when they encounter an alarm or alert within the security logs. The student security analysts also respond to routine security incidents involving only a few users. The SOC Manager is the second-tier technical support for incidents and tickets and can call on the security engineers or other security team members for a more in-depth incident investigation and recovery as needed, or as the incident impact increases.

This position performs all SOC functions including: (1) cybersecurity incident response, (2) managing the Tier 1 student security analysts and any security contractors, (3) managing the Security Information and Event Management (SIEM) reporting functions, but not administering the device, (4) developing SOC capabilities through runbooks, training, incident response exercises, and automation, (5) coordinating and tracking incident containment, eradication, and recovery activities, (6) tracking incident detection and response metrics, and (7) coordinating and delivering security awareness training for the Mines community.

Responsibilities

Information Security Analyst – Incident Response
  • Review all identified sources for signs of attack or compromise. Detect and identify attacks and respond to alarms and alerts. Information sources include but are not limited to:
    • Output from the Security Information and Event Management (SIEM) system or Managed Detection and Response (MDR) services
    • Microsoft Cloud App Security alerts and logs
    • Phishing reports and email logs
    • Secure Government Enclave cloud monitoring logs
  • Work with log owners and managers to ensure needed security information is collected and transmitted.
  • Develop or request appropriate alarms and alerts for incident detection.
  • When compromise or attack is suspected, investigate the event to confirm or exclude an incident and respond using standard process or best practice.
  • Write and maintain runbooks for common security events and incidents.
  • Prepare for significant incidents by developing and maintaining appropriate contact and escalation lists and incident recovery plans.
SOC Management
  • Schedule student security analysts for regular shifts.
  • Identify, recruit, and manage student employees.
  • Train students to be effective Tier 1 security analysts.
  • Review daily logbook entries.
  • Maintain metrics on SOC operations.
Incident Response
  • Identify incident type and scope.
  • Determine whether Tier 3 or Privacy Office support is required.
  • Assign an incident manager, per the Mines Incident Response Plan, if warranted by incident scope.
  • Determine and implement an appropriate containment plan and coordinate with other ITS and Mines groups.
  • Determine and implement an appropriate eradication plan and coordinate with other ITS and Mines groups.
  • Determine and implement an appropriate recovery plan. Write tickets for other teams or request projects as appropriate for the size of the recovery action.
Develop Security Incident Response Capabilities
  • Develop and implement runbooks and related documentation for SOC operations.
  • Improve SOC effectiveness through training, runbook development, better incident response processes, and SOC testing through tabletop exercises and mock attacks.
  • Advocate for improved monitoring and alerting with tools such as SIEMs or other log correlation tools, 24x7 monitoring, automated alerts based on logs, threat intelligence, and machine learning.
  • Script protective actions for firewalls, DNS filters, TeamDynamix, or other automation platforms.
  • Perform incident response exercises and participate in third-party exercises and penetration tests.
  • Develop standard containment, eradication, and recovery plans in coordination with other ITS and Mines teams.
  • Explore collaborative opportunities for incident response with other universities.
Coordinate Security Awareness Training for all Information Security Roles
  • Collect metrics for security awareness training.
  • Distribute and track security awareness training.
  • Develop and administer security awareness training.
Minimum Qualifications
  • Bachelor’s degree in Computer Science, Information Security, or related field AND 4 years of experience in information technology, with at least 2 years of experience in cybersecurity operations, incident response, and SOC analysis.
  • A master’s degree in cybersecurity could substitute for up to 2 years of experience.
  • Demonstrated knowledge of log monitoring and incident response.
  • Experience with at least one cybersecurity incident framework such as MITRE, kill chain, or NIST.
  • Commitment to an organized and documented approach to daily operations.
  • A demonstrated collaborative approach to learning and sharing knowledge in STEM-related disciplines and research.
  • Demonstrated ability to diagnose/resolve technical problems independently.
  • Must be eligible to work in secure computing environments including International Traffic in Arms Regulations (ITAR) and Controlled Unclassified Information (CUI).
  • Excellent written and verbal communication skills.
Preferred Qualifications
  • Master’s degree in Computer Science, Information Security, or related field.
  • 2 years of management experience.
  • Any cybersecurity certification.
  • GIAC Certified Incident Handler, Certified Ethical Hacker, CISSP or CISM preferred.
  • Experience with data confidentiality, security, and privacy requirements related to a research university including, without limitation, the Federal Information Security Act, the Family Educational Rights and Privacy Act, and NIST 800-53.
  • Knowledge of current and emerging technologies, such as Software Defined Networking, Science DMZ implementation, protected networks, and data enclaves.

About Mines & Golden, CO
Mines is consistently ranked among the top engineering colleges in the United States and ranks number one as the best public school in the state for best value colleges. Mines is located in the heart of Golden, Colorado, a western suburb of Denver. The campus location offers a small-town ambiance with close proximity to all that the Denver metropolitan area has to offer with an abundance of cultural events, museums, theaters and sporting venues. An arid climate and an average 300 days of sunshine per year make the area an ideal place to live, work and play. We seek individuals who value a diverse and inclusive community – offering different perspectives, experiences, and cultures that enrich the educational and work experience.

Equal Opportunity

Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.

Mines’ commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.

Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.

Pay Range

$95,655-$105,630

Mines takes into consideration a combination of candidate’s education, training and experience as well as the position’s scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.

Total Rewards

Mines is proud to provide exceptional benefits that include pay, health & wellness and work/life balance offerings. Our portfolio of benefits includes medical, dental, vision, disability insurance, flexible spending accounts, life insurance, and retirement savings plans. Additionally, Mines employees are eligible for tuition benefits (for employees and dependents), generous paid holidays and leaves and discount programs. For more information, visit Mines benefits.

How to Apply

Applicants will be asked to complete an online application (personal information, demographic information, references, veterans status) and upload a resume and cover letter (required). References will not be contacted until later in the selection process and you will be informed before that contact is made.

Background Investigation Required

Yes

COVID-19 Vaccine Requirement

This position will require documented proof of full COVID-19 vaccination or exemption because of a medical or religious exclusion. New employees will be required to provide attestation to their status with proof of vaccination upon hire. Religious and medical exemptions and reasonable accommodation shall be addressed as required by law pursuant to the Equal Employment Opportunity Commission’s vaccination guidance.


Advertised: Mar 29, 2022 Mountain Daylight Time
Applications close:
