Threat Management Associate Director

Are you ready to make an impact at DTCC?

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Your Primary Responsibilities:

• Develop and manage technical roadmap to align various threat detection capabilities (EDR, SIEM, IPS, etc.) within the Threat Management Center’s threat detection portfolio.
• Collaborate with business and IT teams to prioritize and drive implementation of threat detection capabilities for the organization. 
• Lead a team of threat detection professionals, including hiring, training, mentoring, evaluating performance and drive continuous improvement in threat detection efficacy. 
• Establish performance metrics and key performance indicators (KPIs) to measure the effectiveness of the Threat Detection Program. Proactively identify areas for improvement and implement strategies to enhance the performance of security controls.
• Drive continuous improvement of technology, processes, and procedures to align with stakeholder needs.
• Act as a subject matter expert, curating knowledge through documentation, procedures, playbooks, runbooks, awareness content, and other inter- and intra-team activities.
• Maintain strong relationships with security vendors, and industry peers to stay informed about emerging threats and engage in proactive information sharing.
• Provide subject matter expertise during critical incident investigations and threat hunting efforts

Qualifications:

• Minimum of 8 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• Solid understanding of the Cyber Kill Chain, MITRE ATT&CK Framework and campaign strategies.
• Solid understanding of common security technologies (e.g., firewalls, IDS/IPS, WAF, threat analytic platforms, SIEM, Database monitoring platforms, host based and network based forensic tools, email gateways, web proxies/filtering end point anti-virus, etc.).
• Demonstrable understanding of various SIEM concepts such as correlation, aggregation, normalization, and parsing.
• Demonstrated ability to communicate effectively with business and technical audiences across all levels of an organization.
• Strong knowledge and understanding of networking including IP, TCP/UDP, and common application layer protocols (E.g. HTTP, HTTPS, SSL, FTP).
• Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management).
• Experience working with threat intelligence reports, IOAs, IOCs, TTPs.
• Proficiency in Python, PowerShell, Bash, or Perl to automate compliance checks, data parsing, and reporting.
• Solid understanding of and experience working in Windows and Linux environments.
• Provide domain expertise during critical incident investigations and threat hunting efforts.
• Solid understanding of the current threat landscape includes knowledge of different threat actor profiles and threats against the financial services industry.  
• Serves as a trusted coach or mentor within the organization.
• Communicates openly keeping everyone across the organization informed.