Cyber Incident Response Manager
436 Slater Road-HF308
If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935 by Harold Webster Smith, our focus has always been to put people first--doing whatever we can to help individuals, families and businesses achieve their financial goals. And while we've grown into a leading commercial bank, we remain passionate about serving our customers, supporting our communities, and making a difference in people's lives. We can make a difference in your life, too. By empowering you to build the meaningful career you've been looking for.
Responsibility, respect, trust, teamwork and citizenship are the values on which Webster was founded. Together we call them The Webster Way, and they are what set us apart as a bank and an employer. Guided by these values, we put people first - working hard for our customers, and for each other, every day.
I. Position Summary
As a key member of Webster's Security Operations Center (SOC), the Cyber Incident Response Manager will help Webster identify and triage cyber security threats in a fast-paced, collaborative environment. This role will report to the VP of Information Security Operations, but will liaise directly with many senior executives at the bank, including the CISO.
This person will also be viewed as an internal leader, and is expected to orchestrate the investigation and escalation of cyber security incidents. This may include performing some hands-on forensic analysis to validate investigation assumptions (additional tools and training will be made available for this). The position will play a pivotal role in ensuring Webster adequately identifies and responds to cyber security incidents. Therefore, the right candidate will be able to remain calm in intense situations, and direct the efforts of internal colleagues and external incident investigators.
During a confirmed incident, this person will be responsible for leading the investigation actions within the SOC, executing the Cybersecurity Incident Response plan, and running playbooks that contain and remediate the cyber threat. Post-incident activities will include performing a root-cause analysis and identifying areas for improvement. This is a growth opportunity -- meaning there is opportunity to expand, improve, or redesign the existing cyber incident response program.
II. Major Duties & Responsibilities
- Maintain oversight of MDR (Managed Detection and Response) provider
- Measure the effectiveness of the MDR provider and provide regular updates to Management, including categorization of incidents
- Lead efforts to optimize our SIEM (Security Information and Event Management) platform
- Ensure all systems are reporting into the SIEM, and work with technical leaders to address gaps in logging
- Function as Subject Matter Expert for cyber investigations, including enforcement of Chain of Custody rules
- Analyze events from MDR and determine if escalation is warranted, based on the evidence
- Act as cyber incident commander for medium- and high-impact cyber incidents; triage incidents
- Work with VP of Information Security Operations to identify attack patterns by using the Cyber Kill Chain methodology
- Perform independent forensics analysis, as needed, to verify completeness of data collected during an investigation
- Enhance workflows and processes to improve incident response and mitigation efforts
- Provide leadership and guidance to advance the defensive capabilities of the SOC or the MDR provider in better identifying and responding to cyber security incidents
- Provide training and mentoring to team members
- Manage vendor partners to drive requested solutions and operational excellence; assist with contract renewals or vendor onboarding through Webster's 3PRM process
- Provide reports into operational effectiveness, as requested
- Perform additional duties and responsibilities, as assigned
III. Qualifications
- Bachelor's Degree in directly related field required; advanced degree strongly preferred.
- Excellent communication skills, with experience influencing all levels of an organization -- from technical engineers, to senior management
- 10+ years in the information security field, at least 5 of which were in hands-on roles
- 5+ years managing security vendor relationships -- preferably MSSP or MDR providers
- Proficiency with leading SIEM solutions, preferably QRadar or Elastic (ELK Stack)
- Ability to work independently, with minimal oversight, and raise issues / incidents to management as needed
- Deep knowledge of network security principles, with prior experience deploying firewalls, IDS/IPS, or analyzing packet capture data
- Experience managing at least one of the following: Endpoint Detection and Response (EDR); Data Loss Prevention (DLP); Data Protection; or Threat Intelligence Services
- Commitment to professional development, including training provided by Webster (candidate should be prepared to obtain SANS GMON certification for Continuous Monitoring)
- Proven ability to design and deploy highly matrixed processes
- Ideal candidate would have experience with NIST SP 800-137 (Information Security Continuous Monitoring) best practices
- Expert analytic and investigation abilities, including the ability to ask inquisitive questions during an incident investigation
- Ability to build successful working relationships with all levels of staff and management
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Job Reference #: 5000519129906