The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities to address the growing cybersecurity threat landscape.
Based in Milwaukee, Wisconsin, the Manager Global Computer Security Incident Response reports to the Director Cyber Threat Analysis and Response. The position assists in the continuous development and improvement of the newly implemented Security Analysis, Monitoring, and Incident Response program, which globally supports the detection, prevention, and response to cybersecurity risks and threats. The global Cyber Threat Analysis and Incident Response program gives the company the ability to prepare for, detect, triage, respond to, and protect against cybersecurity incidents impacting the enterprise by ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated, and reported. The program owns security monitoring and is responsible for global 24×7 incident response activities. The global security incident management program also manages information resources during incident response activities to identify possible cyber-attack or intrusion events and to determine whether they have business impact.
Duties and Responsibilities
This position is responsible for managing the 24×7 Security Event / Incident Analysis function, which forms the nucleus of the Security Operations Center, and for operating a global team that actively monitors the SIEM and other IDS tools in an enterprise environment of over 100,000 devices.
This role will also focus on continuous evaluation of next-generation SIEM / IDS solutions, including MSSP offerings, and make recommendations to InfoSec management and architecture. The role includes direct staff responsibility, projects, and budgets, as well as management of the key processes and procedures used to investigate suspected cyber-attacks and breaches with automated tools.
- Direct and operate the global JCI Computer Security Incident Response Team (JCSIRT), performing all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent unauthorized access or destruction.
- Take direction from the Director Global Cyber Threat Analysis and interact with the Managed Security Service Provider (MSSP) on escalations and incidents.
- Assist with the development of processes and procedures to improve incident response times, incident analysis, and overall JCSIRT functions.
- Provide guidance and mentorship to analyst team on investigative and response methodologies.
- Advanced knowledge of current security threats, techniques, and the threat landscape, together with a dedicated, self-driven commitment to researching the current information security landscape.
- Ability to research, develop, and keep abreast of tools, techniques, and process improvements that support security detection and analysis against current and emerging threats and attack vectors.
- Expertise in leading incident response and forensic data acquisition procedures and techniques.
- Present risks and propose countermeasures to senior technology executives
- Demonstrated track record for building effective and efficient programs including developing the necessary processes
- Excellent communications skills (verbal and written) are required
- Attends and presents at networking and technology events with members of information security associations and other groups of interest, while being a proven champion for the highest standards of workplace integrity, respect, and diversity; committed to building a secure business environment while meeting the highest ethical standards.
- Continuously improves the cybersecurity data analytics model to proactively detect suspicious activity indicative of potential threats to the business.
- Works with the Security Architecture and Engineering teams to design and implement an architecture for statistical analysis of relevant data from IT infrastructure and business processes, drawing meaningful conclusions from statistical trends.
- Maintains, develops, and continuously evaluates cyber threat intelligence sources (technical and non-technical) to increase the effectiveness of cyber threat information.
- Establishes, evaluates, and implements performance metrics for functions supervised
The Manager Global Computer Security Incident Response is responsible for providing cybersecurity risk insight, making strategic program improvement recommendations based on analysis of threat intelligence and environmental risk information, and managing a global team of security professionals to provide an appropriate defense against advanced cyber threats. The role works cross-functionally and collaborates closely with other senior leaders across the organization to ensure achievement of targeted objectives, and helps build out the security operations center, including a passive analysis team and a cyber hunt team, to pursue cyber threats and perform advanced malware analysis. It provides leadership and direction for a team spanning multiple functional areas and requires strong communication skills, broad knowledge of the security field, and industry knowledge of security-related products and services.
- A minimum of a Bachelor’s Degree in computer engineering, computer security or computer science discipline.
- 7+ years of information security related experience leading teams in security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, firewall administration, network operations, engineering, or system administration on Linux or Windows.
- Strong understanding of adversary motivations, including cybercrime, hacktivism, cyber war, and cyber espionage, and of the difference between cyber propaganda and cyber terrorism.
- Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss prevention, insider threat, kill chain analysis, risk assessment, and security metrics.
- Strong understanding of Threat Intelligence and Threat Profiling
- Familiarity with network security methodologies, tactics, techniques and procedures.
- Experience with Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS), SIEM, and other network defense security tools.
- Provide technology vision, enable innovation, and understand and implement the technology trends that can create business value.
- Experience with Data Loss Prevention (DLP) technologies
- Experience in network security architecture
- Experience with enterprise anti-virus/malware solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
- Have experience monitoring, detecting, and leading response efforts of advanced persistent threats.
- Knowledge of digital forensic and static malware analysis techniques.
- Strong research background, utilizing an analytical approach.
- Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings and escalate critical incidents to technical and non-technical audiences at different seniority levels, and to interact with customers.
- Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team setting.
- Ability to create and maintain good business relationships with counterparts, customers, and external entities to achieve the security incident management goals.
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
- Experience with open source and commercial security management tools
- Experience in the definition and implementation of strategic information security plans
- Knowledge of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)
- Knowledge of National Institute of Standards and Technology (NIST) standards as they apply to FISMA.
- Bachelor of Science in Information Security or Information Assurance.
- 7+ years of related experience, including 5+ years in a management position at a global company.
- Certifications: CISSP, CISM, CEH, CSIRT, or GIAC