Mount Sinai Health System

Director of Threat Detection and Active Cyber Defense - Digital and Technology Partners - Remote


Pay: Competitive
Location: New York/New York
Employment type: Full-Time

  • Job Description

      Req#: 3024372

      Director of Threat Detection and Active Cyber Defense - Digital and Technology Partners - Remote, Req#3024372

      The Mount Sinai Cybersecurity Operations team is looking for a highly motivated Director of Threat Detection and Active Cyber Defense (ACD) who will be a key member of the Cybersecurity Operations team at Mount Sinai Health System. This role is responsible for leading the Security Monitoring, Investigation and Active Cyber Defense (ACD) program at Mount Sinai Health System. The focus of the Director of Threat Detection and Active Cyber Defense (ACD) is to lead the day-to-day operations that identify, detect and prevent advanced cyber-attacks targeting the Mount Sinai IT Enterprise and Cloud Infrastructure quickly and proactively.

      Qualifications

      • Bachelor's degree required in Business Administration and/or Information Systems with coursework in Computer Science or equivalent; Master's preferred. Strongly prefer: Computer Science, Engineering, Mathematics, Business Intelligence, Statistics or Cyber Security
      • 5 years of progressive information systems management experience, preferably in a health care field.

      Strongly preferred:

      • Experience leading and managing Security Operation Center (SOC) teams
      • Experience working with third-party MSSP/MDR providers
      • Experience using one or more SIEM and SOAR platforms
      • Hands-on experience with and understanding of network/host-based intrusion analysis
      • Hands-on experience with large-scale and complex incidents of all types, including APT, DDoS, insider, web and mobile applications, data exfiltration, etc.
      • Hands-on experience with EDR technologies (e.g., CrowdStrike, Carbon Black Response, Defender ATP, SentinelOne)
      • Experience managing security in cloud environments such as Azure, GCP or AWS and the corresponding security monitoring tools
      • Deep understanding of and proven experience handling global incidents of all types in a fast-paced environment
      • Experience with reverse-engineering, C&C exploitation, and broader system/network forensics

      In addition, the ideal candidate will preferably have the following:

      • One or more certifications, including but not limited to GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH
      • Ability to independently perform statistical analysis and inference, data modeling, clustering and predictive analysis
      • Ability to translate cyber and application security issues into analytical models; capability to multitask effectively
      • Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems, networks, and cloud environments, etc.)
      • Knowledge of security appliances and professional/open-source tools that support threat hunting, including an understanding of the analysis of competing hypotheses
      • Experience with either Red team or Blue team operations and the ability to think like both an attacker and a defender
      • The ability to successfully interface with both internal and external clients
      • The ability to document and explain technical details in a concise, understandable manner

      Department: 296 - DTP Security - MSH, Mount Sinai Hospital

      Responsibilities

      • Lead the security monitoring program, working with a third-party XDR provider to identify threats and threat actor groups and their techniques, tools and processes quickly and proactively
      • Responsible for enhancing and expanding use case and IOC management for threat, fraud and compliance monitoring, detection, and response.
      • Responsible for providing expert analytic investigative support for large-scale and complex security incidents
      • Continuously improve processes for use across multiple detection sets for more efficient operations
      • Responsible for leading real-time incident response, incident containment, and root cause analysis for all cybersecurity threats and incidents.
      • Interface with internal teams, as necessary, to resolve issues, provide additional information, and answer questions related to incidents and monitoring
      • Provide input and recommendations to IT, OT, Legal, HR, and Cybersecurity teams regarding gaps and opportunities in the prevention of threat execution, vulnerabilities, and configuration management as they relate to cybersecurity incidents.
      • Responsible for deploying and managing Active Defense Technologies (deception, honeypots)
  • About the company

      The mission of the Mount Sinai Health System is to provide compassionate patient care with seamless coordination and to advance medicine through unrivaled education, research, and outreach in the many diverse communities we serve.