Cyber Managed Services - Threat Detection & Response - Manager
Dallas (Dallas) Teaching
Job description
EY’s Threat Detection and Response (TDR) Managed Service provides organizations with the people, process and technology coordinated to detect, respond to, and contain cyber attacks before business assets are impacted. The TDR team provides 24x7x365 threat monitoring, triage and analysis for malicious activity wherever digital assets reside; assessing alerts to identify and disrupt malicious activity; hunting for behavioral indications of attacks that have evaded current detection countermeasures; managing and enhancing security technologies to identify attacks better, faster and more accurately; and working collaboratively with client personnel to identify improvements to their cybersecurity plans and programs.
The Opportunity
As a Manager in EY’s TDR Managed Service, you will serve as Operations Lead and primary point of contact to clients for cybersecurity threat detection, response, hunting, intelligence, program management and technology management activities directly related to them. You will serve as part of a Core Team that works with analysts from Cybersecurity Centers around the globe, coordinates with other EY teams providing services to the client, and periodically visits client personnel at their facilities to collaborate and develop strategy with client cybersecurity stakeholders for service enhancement.
TDR Managed Service team members possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays cutting-edge relevant by researching new security trends and threats; attending security conferences, continuously training; innovating through brainstorming and trying new things; and sharing knowledge on thought leadership topics with internal teams, clients and outside stakeholders. Team members work collaboratively in pursuing, planning, initiating, operating and managing engagements to assess, improve, build and operate integrated security operations for clients.
To qualify for the role, you must have
· Bachelor’s degree (preferred in Information Systems, Computer Science, or related disciplines),
· For candidates with a bachelor's degree, a minimum of 5 years of experience working in cybersecurity intrusion analysis and/or endpoint monitoring, detection, and response (SOC), incident response, computer or network forensics, or in related cybersecurity and cybersecurity leadership roles.
· For candidates with a master’s degree, a minimum of 3 years of experience working in cybersecurity intrusion analysis and/or endpoint monitoring, detection, and response (SOC), incident response, computer or network forensics, or in related cybersecurity and cybersecurity leadership roles.
· A valid driver's license in the US and a valid passport; willingness and ability to travel domestically and internationally to meet client needs; estimated up to 40% travel required
· One security leadership-related certification such as CISSP or CISM; non-certified hires are required to become certified within 1 year from the date of hire
Preferred candidates will also have:
· Significant prior experience working in a SOC environment
· Working knowledge of ticketing system software (e.g., ServiceNow or other ticketing systems)
· Working knowledge of SIEM software (e.g., Splunk, Sentinel, QRadar or other SIEM platforms)
· Working knowledge of EDR software (e.g., Carbon Black, CrowdStrike, Tanium, MS Defender for Endpoint and O365, or other EDR platforms)
· Working knowledge of Network Monitoring Software (e.g., Fidelis Network, ExtraHop, or other NSMs)
· Working knowledge of security alert triage and analysis methods (e.g., use of correlations, behaviors and patterns, pivoting, enriching alert data and providing remediation recommendations)
· Experience with threat hunting and threat hunting methodologies (e.g., analyst-driven, tactic- or technique-driven, threat intelligence-driven and scenario-based threat hunting)
· Experience with cybersecurity incident response coordination and methods
· Experience integrating cyber threat intelligence with security monitoring processes and threat hunting
· Knowledge of detection rule logic management (e.g., creation, tuning and management methods)
· Knowledge of cybersecurity frameworks (e.g., Mitre ATT&CK, VERIS, Cyber Kill Chain, Diamond Model, and other frameworks)
· Knowledge of cloud infrastructures and cloud security monitoring (Azure, AWS, and GCP)
· Knowledge of network communication concepts including ports, protocols, and encryption
· Knowledge of identity, access and privileged account monitoring concepts
Your Key Responsibilities
· Opportunities: Support new business opportunities by participating in market-facing activities and developing thought leadership materials. Understand EY and its service lines. Facilitate team members to work together to generate new ideas that connect EY’s capabilities to clients.
· Business Development: Support business development efforts by helping to scope and size engagements based on client requirements coupled with their individual needs in terms of cost, people, process and technology. Participate in RFP responses and proposals.
· Project Management: Use project management methods, effective communication, support resources and technology on client engagements to enhance the efficiency of services and effectiveness of outputs. Coordinate and oversee team activities, review shift reports, review and track ticket submissions, and review and track alerts, triages, logic implementation, technology management and threat hunting.
· Quality: Deliver high quality work products and client services. Participate in quality reviews, assessments and corrective actions. Drive outputs and deliverables within expected timeframes and within budget. Develop plans, oversee activity, monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes.
· Risk: Analyze and apply an understanding of cyber and industry trends to identify engagement and client opportunities and risks. Use knowledge of cyber threat and security current events to generate areas for threat mitigation. Draft and present risk analysis reports and presentations to key client and engagement stakeholders. Coordinate investigation of publicly reported cyber events for risk and impact to client systems.
· Improvement: Analyze and apply an understanding of complex enterprise IT and security systems to identify engagement and client strengths and weaknesses. Use knowledge of client’s cyber environments and industry trends to generate areas for improvement. Draft and present improvement reports and presentations to key client and engagement stakeholders. Maintain a quarterly continuous improvement plan reported to key client and engagement stakeholders.
· Documentation: Collaborate and lead team members through engagement planning, service initiation, transition to full operations, and 24x7 operations. Develop project plans, timelines, milestones and supporting documentation. Understand the client’s business and oversee teams documenting business processes dependent on IT and creating standard operating procedures, workflows, rosters, templates, reports and other engagement documentation.
· Reports: Oversee the development of draft and final reports for weekly, bi-weekly, monthly, quarterly and annual reviews with key client and engagement stakeholders. Ensure confidentiality and integrity of engagement reports and documentation including archival at the end of engagements.
· Leadership: Use effective communication and leadership methods to promote healthy teamwork and responsibility among engagement team members. Foster a high-performance, innovative and inclusive team-oriented work environment. Lead by example by serving as counselor and mentor to junior professionals within the firm.
· Meetings: Lead internal engagement team meetings, participate in internal engagement key stakeholder meetings and participate in client technical, ad hoc and regular reporting meetings. Prepare for and attend technical client meetings (weekly or bi-weekly) and service review meetings (monthly, quarterly and annually). Attend ad hoc client meetings for changes in client environments, new technologies, improvement initiatives, workshops, brainstorming sessions or problem-solution meetings.
· Communication: Use effective and professional communication methods in correspondence in email, discussions in chat, presentations with visual aids and in speaking with team members and key engagement stakeholders. Monitor client communication for timely response to client requests, responses and notifications.
· Relationships: Foster relationships with client personnel to build trust that enables effective improvements to client’s security posture. Set a goal to engage with clients daily. Invite internal subject matter resources to present perspectives and new ideas in problem-solution development with clients.
· Training: Regularly attend training, conferences and thought leadership presentations. Share findings from conferences and presentations to internal team members.
· Collaboration: Support other teams by collaborating and presenting in formal information sharing meetings as well as participating in chat channels offering insights to teams working with other clients.
Skills and Attributes for Success
· Stay informed of changes and innovations in the threat detection and threat response domains
· Follow the latest trends in threats, threat actors, tactics and techniques
· Explore innovation and areas for continuous improvement
· Develop solutions both strategically and analytically
· Effectively communicate when interacting with clients, senior leaders, technical SMRs, support staff, vendors and business partners in both technical and nontechnical terms
· Engage with clients by listening and understanding their needs
· Escalate risks and issues to appropriate governance channels
· Create and deliver internal and client reports and presentations
· Develop trends and metrics
· Work on multiple, simultaneous initiatives
· Promote communication and collaboration while coordinating activities among multiple teams
· Adhere to service quality standards and program management requirements
· Provide constructive feedback when interacting, mentoring and training team members
· Work collaboratively in a cross-functional team environment with culturally diverse and geographically dispersed teams
What we look for
We are most interested in your ability to succeed in a team environment while growing your personal and professional capabilities. A drive to provide exceptional attention to detail and consistently deliver high-quality work is key to success at EY.
What working at EY offers
We offer a competitive compensation package where you will be rewarded based on your performance and recognized for the value you bring to our business. Our comprehensive Total Rewards package includes medical and dental coverage, pension and 401(k) plans, a flexible vacation policy with 19 observed holidays, and a range of programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:
· Support and coaching from some of the most engaging colleagues in the industry
· Opportunities to develop new skills and progress your career
EY is committed to being an inclusive employer. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
About EY
As a global leader in assurance, tax, transaction and consulting services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Make your mark. Apply today.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability status.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.