Manager of Threat Hunting, Detection and Analysis


Title :

Manager of Threat Hunting, Detection and Analysis

Location :

Houston

Job Summary

Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm’s work is distinguished by a unique combination of precision and vision.

Based in any of our US offices, the Manager of Threat Hunting, Detection and Analysis is responsible for the development, implementation and oversight of the firm's information security detection, response and analysis function. The Manager is a hands-on technologist who serves as the subject matter expert (SME) for the relevant information security platforms and plays a primary role in investigating information security events and incidents.

As a leader within the Information Security Team, the Manager of Threat Hunting, Detection and Analysis takes a central role in actively promoting a culture of information security throughout the organization.

The scope of this position is firm-wide and requires a thorough understanding of all the IT systems the firm uses and how those systems are secured. The Manager of Threat Hunting, Detection and Analysis works with internal and external technology and business stakeholders to ensure that events and incidents are investigated to closure.

This role reports to the Senior Director of Information Security Operations.


Responsibilities include:

  • Excellent customer service skills and sense of urgency when resolving issues
  • Provide technical leadership for the information security detection, response & analysis function
  • Provide technical leadership for the vulnerability management program
  • Work closely with the firm's application development team to ensure that secure application development practices are in place and optimally implemented
  • Develop and maintain effective metrics across areas of responsibility
  • Take the lead role in developing and applying configuration management practices consistent with established standards and baselines
  • Take an active role in developing and managing information security programs
  • Take a contributing role in the selection and evaluation of new information security technologies
  • Is an active member of the Incident Response Team
  • Conduct regular technical risk assessments of systems and infrastructure
  • Oversee and directly participate in the installation, configuration, and monitoring of new information security technologies
  • Engage proactively in risk management activities
  • Assist in the development and knowledge transfer to information security team members, as well as other IS or firm groups
  • Promote a culture of information security across all business units
  • Understand the role of systems and technology within the firm and the value they deliver to the business
  • Maintain current security certifications and attend industry seminars and relevant continuing education events

Qualifications

  • Ability to relate to non-technical users in user-friendly language
  • Ability to understand technical implications of security threats
  • Ability to motivate and lead a team of diverse technical professionals
  • Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
  • Ability to gauge one’s strengths and limitations
  • Ability to write clear and concise reports, including executive summaries
  • Ability to deal with changes and adapt to a changing environment
  • Must demonstrate the ability to maintain strict confidentiality of the firm’s internal and personnel affairs
  • Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit
  • Highly self-motivated and directed
  • Ability to work in a multi-office environment and willingness to travel to other offices as required
  • Ability to work effectively in a culturally and educationally diverse environment
  • Strong written and oral communication skills
  • Strong knowledge and understanding of advanced security concepts and standards/regulatory frameworks
  • Ability to work independently with little or no supervision
  • Organized, responsive and highly thorough problem solver
  • Flexible work schedule to troubleshoot escalated issues out of hours and apply production changes where needed

Experience

  • University degree in a technology-related discipline or 4 years of relevant experience; Master's degree in an information security discipline preferred
  • 5+ years of full time experience in dedicated, technical information security roles or relevant educational experience
  • 5-7 years of full time experience in information technology in an area such as networking, desktop engineering, programming or systems administration
  • Strong knowledge of information security principles and practices
  • Experience with incident detection, response and analysis, preferably in a leadership role
  • Experience with software, system and security architectures
  • Experience with and knowledge of the secure development lifecycle
  • Strong knowledge and practical use of information security and networking tools such as Nmap, Wireshark, Nessus, Tenable.io/SecurityCenter, Varonis, Core Impact and Kali Linux
  • Strong knowledge and practical use of incident response tools, including forensic acquisition tools such as EnCase, X-Ways and F-Response, and EDR platforms (CrowdStrike, Carbon Black, etc.)
  • Experience with application security analysis tools
  • Strong knowledge of and practical experience with Event/Incident Detection, Analysis and Response concepts and techniques
  • Strong knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Cisco, Unix/Linux and other market-leading technology solutions, including mobile devices
  • Expert level proficiency in Splunk & Splunk Enterprise Security is desirable
  • One or more of the following certifications is required: CISSP, CISM, CISA
  • One or more of the following certifications is desired: CSXP, GCIH, GCIA, GCED, OSCP, Splunk Certified Architect


Gibson Dunn will consider for employment qualified Applicants with Criminal Histories in a manner consistent with the requirements of local law.


Compensation & Benefits:

The annual compensation range for this position is $235,000-$305,000. The salary offered within this range will depend upon qualifications and other operational considerations.

Benefits offered for this position include health care; retirement benefits; paid days off, including sick time, and vacation time; parental leave; basic life insurance; Flexible Spending Accounts; as well as discretionary, performance-based bonuses.

GIBSON DUNN & CRUTCHER LLP IS COMMITTED TO THE PRINCIPLES OF EQUAL EMPLOYMENT OPPORTUNITY FOR ALL PARTNERS, EMPLOYEES AND APPLICANTS AND, IN ACCORDANCE WITH THE APPLICABLE FEDERAL AND STATE LAWS, DOES NOT DISCRIMINATE ON THE BASIS OF SEX, RACE, CREED, COLOR, RELIGION, MATRICULATION OR POLITICAL AFFILIATION, NATIONAL ORIGIN, ALIENAGE OR CITIZENSHIP STATUS, ANCESTRY, AGE, MARITAL STATUS OR PARTNERSHIP STATUS, FAMILY RESPONSIBILITIES, DISABILITY, MEDICAL CONDITION, PERSONAL APPEARANCE, GENETIC INFORMATION, PREDISPOSING GENETIC CHARACTERISTICS, SEXUAL ORIENTATION, MILITARY STATUS, STATUS AS A VICTIM OF DOMESTIC VIOLENCE, STALKING AND SEX OFFENSES, ARREST OR CONVICTION RECORD, OR ON ANY OTHER BASIS PROHIBITED BY LAW.