BTB Security is seeking a leader to take charge of Security Operations for BTB Security’s Rapid Advanced Detection And Response (RADAR) Service. The Director of Security Operations will be responsible for guiding the direction of security operations as BTB Security and the RADAR service grow and evolve. BTB leadership will rely on the Director of Security Operations to help realize the vision of BTB Security’s RADAR and to govern the day-to-day operations of the Security Operations Center.
As a leadership role within BTB Security, the specific tasks and functions will vary with the current state of the business and of BTB Security’s RADAR service offering. While BTB leadership expects this role to be self-governing, the following high-level goals are expected to be met.
- Guide the Future Development of BTB Security’s RADAR Service
The Director of Security Operations will work closely with BTB Security leadership to ensure that the BTB Security RADAR service continues to be effective and successful. This will likely take many forms, from brainstorming new methods of detecting threats to evaluating the effectiveness of existing detective controls.
- Take Ownership of BTB Security’s Incident Response and Forensic Analysis Service Offerings
Incident Response and Forensic Analysis are natural extensions to the RADAR service. The Director of Security Operations will own every aspect of these service offerings to ensure they are delivered effectively.
- Manage the Day-to-Day Operations of the Security Operations Centers
The success of BTB Security’s RADAR is contingent on the effectiveness of the day-to-day operations of its SOCs. The Director of Security Operations will provide oversight and mentorship to ensure that RADAR personnel are handling security events properly. This will include ensuring that proper coverage is maintained at all times and communicating any notable concerns to BTB leadership.
- Be Responsible for RADAR Client Relationships
A focus of BTB Security’s RADAR service is to forge a trusted partnership with BTB clients. This comes from providing timely, expert security advice when handling security events as well as regular communication to ensure expectations are being met. The Director of Security Operations will be responsible for managing and maintaining RADAR client relationships.
- Develop and Maintain RADAR Deployment Processes
RADAR’s success often depends on collecting meaningful security data from our clients’ environments, and a successful deployment of RADAR in a client environment is the first step towards that. This role will work closely with the BTB Project Manager to develop and maintain the deployment process.
- Provide Direct Management of Security Operations Center Personnel
Security Operations Center personnel will report directly to the Director of Security Operations. As such, this role will be responsible for tasks such as conducting performance reviews, providing mentorship, approving training, and hiring.
- Take Charge of the Ongoing Design and Development of the BTB Security Lab
The BTB Security Lab will be used for training and testing detective controls for the RADAR service. This role will be responsible for the ongoing design and development of this lab environment.
- Strong understanding of the TCP/IP suite of protocols
  - Difference between TCP and UDP
  - Purpose of a subnet mask
  - Role of TCP and UDP ports in network communication
- Professional experience with network and systems architecture
  - Network segmentation (e.g., DMZ)
  - Intrusion Detection Systems
  - Web application architecture
  - Active Directory
- Expert understanding of how major application layer protocols function (e.g., HTTP, SMTP, DNS, Kerberos)
- Advanced knowledge of categories of malware and how they function (e.g., rootkits, trojans, adware)
- Expertise related to vulnerabilities and attack vectors such as:
  - SQL injection
  - Brute-force attacks
  - Malware infection vectors
  - Phishing attacks
  - Drive-by/redirection attacks
- Functional knowledge of programming/scripting (e.g., Perl, Python, Ruby)
- Comfortable in multiple operating systems (Windows, Linux, Unix, OS X)
- Prior experience with SIEM technologies
- Prior experience in a network or security operations center
- Certifications are always a plus, but not required:
- Network traffic analysis skills