Security Operations Manager

Thorlabs, Inc., Newton, NJ, United States

Employer Description

Founded in 1989, Thorlabs seeks to accelerate the forward movement of scientific discovery and advancement! As a vertically integrated manufacturer of photonics components, instruments, and systems, our vast product portfolio includes over 20,000 items, ranging from optics and optomechanical positioning components to imaging systems, many of which are customer inspired.

Photonics is the foremost technology driving innovation in science and engineering. As the number of technological innovations has grown, Thorlabs has extended its core competencies in an effort to play an ever increasing role serving the Photonics Industry at the research end, as well as the industrial, life science, medical, and defense segments.

Headquartered in Newton, NJ, Thorlabs has grown to approximately 2,300 employees with manufacturing and sales offices in the United States, United Kingdom, Germany, France, Sweden, Japan, China, and Brazil. As light-based technologies push into new markets, Thorlabs plans to enter early with the products and services required to ensure the ultimate success of our customers.

Job Description

The Security Operations Manager uses knowledge of information system security to provide highly ethical evaluation and support of security systems and designs. The Security Operations Manager is responsible for overseeing the overall operations of the teams with regard to Information and Data security, with emphasis on risk and business continuity. This important role covers strategic oversight of all elements of Information Security in our organization, as well as day-to-day operations along with scoping of requirements, system design, applications development, production implementation, and incident response, while adhering to any necessary protocols, compliance frameworks, regulations, or legal requirements.

This position can be remote in NJ, MD or VA.

Essential Job Functions include the following, but are not limited to:

  • Collaborate in defining and scoping of Information System Security requirements, creation, and execution of all Information Systems Data Security related strategies enhancing the reliability and security of Information Systems, projects, and data.
  • Overseeing security team members, allocating resources to ensure that projects are delivering secure and robust IS solutions for the agreed project security needs.
  • Oversight, planning and execution of any required vulnerability audits, penetration tests or forensic IT audits or related investigations.
  • Creation of reports and dashboards for best practice SOC operations; provide routine and periodic presentations of the performance metrics.
  • Liaison with senior level and other key stakeholders, and other security risk-assessment professionals.
  • Monitoring of the organization's overall Information Systems, Data, and Information Security policies.
  • Collaborate in the development and implementation of security policies, standards, disaster recovery, business continuity, and operational guidelines.
  • Facilitate staff training in security awareness skills.
  • Verify and confirm that associated protocols, methodologies, and procedures are implemented successfully.
  • Support and collaborate on audits of compliance frameworks with government standards and related legislation.
  • Managing any new hires, day-to-day dispute resolution, staff redundancy and termination of staff if required.
  • Management of partners, key stakeholders, vendors or third-party service and solution providers.
  • Maintain situational awareness of emerging cyber trends by reviewing open-source reports for recent vulnerabilities, malware, and other threats that have the potential to impact the organization.

The Company retains the right to change or assign other duties to this position.

Thorlabs values its diverse environment and is proud to be an Equal Employment Opportunity/Affirmative Action Employer. All qualified individuals will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.

Job Requirements

Qualifications

Experience:

  • Experience in data center security operations, software development (Dev-ops).
  • Experience in Linux, Windows and proprietary operating systems, and enterprise network equipment and firewalls.
  • Experience with auditing tools: Wireshark/Netmon, NMAP, Metasploit, Kali, Aruba Airwave, Arista Cloud, Microsoft 365 Security and Sentinel.
  • Experience with Cisco Security Suite solutions: ISE, Firesight.

Education:

  • Degree in Computer Science/Engineering or related discipline, 10+ years of related experience in an information technology security role.
  • Previous Security Operations Center (SOC) Management experience.
  • Certification(s) similar or related to the following: Certified Information Security Professional (CISSP), CCNA Security, Certified Ethical Hacker (CEH).

Specialized Knowledge and Skills:

  • The Manager should have a broad technical and architectural knowledge of information technology areas. This individual works in collaboration with other information system members to identify, mitigate, and reduce security risks.
  • Understanding of network architectures and security control frameworks in traditional and cloud/hybrid environments.
  • Computer science experience including a broad knowledge in IP networking protocols, encryption protocols, cyber security, web development, and secure system engineering.
  • Strong working knowledge of Windows services (AD/NTFS/GPO/DNS/DHCP), system hardening baselines, networking, security assessments, wireless networks, IPS/IDS and firewalls.
  • Strong analytical skills: ability to interpret and identify unusual activity from live data and logs.
  • Experience in basic forensic event handling, and incident response methods.
  • Skill in performing data capture and packet-level analysis.
  • Proficient in scripting and/or object-oriented languages such as: Python, Kusto (KQL), Visual Basic, PowerShell.
  • Experience in utilizing vulnerability and penetration testing principles, tools, and techniques.
  • Understanding of the plethora of threats, attack methods, and exploitation, and the measures to minimize those risks.
  • Knowledge of cyber-attack stages (reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, evasion methods).
  • Knowledge of regulatory frameworks (PCI, SAS94, NIST, CIS, GDPR, ISO).
  • Strong writing and communications skills.

Apply Here: https://spiecareercenter.org/jobs/5378378