Job Description

We have a direct hire position open for a Manager of Cyber Security - Vulnerability and Operations. A background in DevSecOps is very important to this role.

The position is a hybrid schedule of 3 days on-site in Irvine. On-site days are Mon - Wed, with Thurs and Friday being remote. There is some flex with schedules as well.

Specialized Skills required:

Expert level experience/understanding in as many of the following Security concepts and technologies as possible:

• Architecture and Design
• Web Application Development Experience
• Web Application Penetration Testing Experience
• Container Orchestration
• Understanding of DevSecOps Tooling and Workflows
• Security Testing/Code Scanning Experience (DAST/SAST/RASP/IAST)
• Continuous Integration and Deployment (CI/CD) Experience
• Modern Operating Systems
• Database Systems
• Source Code Repositories
• SSDLC
• AWS Cloud Infrastructure
• Azure Cloud Infrastructure
• Containerization Platforms
• Git
• Web Application Firewall
• Software Development
• Proficient with Programming/Scripting
• Cloud Technology Platforms, IaaS, PaaS, SaaS
• Network Intrusion Prevention/Detection (IPS/IDS)
• Security Information and Event Management (SIEM)
• Virtual Private Networks; SSL, IPSec and Site-to-Site
• Public Key Infrastructure (PKI)
• Network Access Controls (NAC)
• Next-Gen enterprise class firewalls
• Encryption technologies
• Vulnerability scanning tools
• Application scanning tools
• Outstanding interpersonal skills, effective communication with internal and external personnel of all levels.
• Extensive ability to estimate, plan, lead and execute complex technical projects while working independently and/or in a team.
• Strong technical expertise in cybersecurity principles, tools, and methodologies.
• Solid understanding of security operations, incident response, and threat intelligence.
• Familiarity with industry-leading security frameworks and standards.
• Excellent communication skills with the ability to convey complex technical concepts to both technical and non-technical stakeholders.
• Demonstrated ability to drive change and improve cybersecurity practices within an organization.

Experience required:

• Industry recognized security certifications; CISSP: Certified Information Systems Security Professional, CISM: Certified Information Security Manager, GIAC: SANS Global Information Assurance Certification, vendor certifications such as Azure Security Engineer (AZ500), etc.
• 13 years’ experience in an Information Technology role, with 8 years specific to an Information or Cybersecurity role that include expertise in design, development, and deployment of complex highly available, and secure, integration solutions.

As the Manager of Cybersecurity (Vulnerability and Application Security), you will play a key role in ensuring the security and integrity of our digital assets and IT systems. You will lead a team of cybersecurity professionals, collaborating with cross-functional teams to assess, remediate, and prevent security vulnerabilities in our applications and infrastructure. Additionally, you will play a crucial part in monitoring for and responding to security incidents, coordinating with relevant teams to ensure swift resolution. Your practical experience and expertise will be essential in shaping and executing the overall cybersecurity strategy while staying informed about the latest threats, industry best practices, and emerging technologies

What you will do:

Team Leadership and Development

• Lead, mentor, and inspire your direct reports, fostering a collaborative and growth-oriented work environment.
• Conduct performance evaluations, set goals, and provide ongoing feedback and coaching.
• Define and track key performance indicators (KPIs) for the cybersecurity team to measure their effectiveness and contributions to the organization's security goals.

Security Operations

• Support the Security Operations team in monitoring and responding to security incidents and breaches.
• Collaborate with Incident Response teams to ensure timely identification, containment, and resolution of security incidents.
• Participate in security incident simulations and help refine incident response procedures.

Application Security

• Lead and guide the team members in conducting security assessments, code reviews, and penetration testing of new and existing applications.
• Work closely with software development teams to integrate secure coding practices throughout the software development lifecycle.
• Champion the adoption of security tools, frameworks, and best practices to strengthen application security posture.

Vulnerability Management

• Oversee the identification, assessment, and prioritization of security vulnerabilities across our systems, networks, and applications.
• Develop and implement vulnerability scanning and assessment processes, ensuring timely and effective remediation of identified issues.
• Collaborate with the IT and development teams to address and close security gaps in applications and infrastructure.
• Provide regular reports on the status of vulnerabilities, risk exposure, and remediation efforts to senior management.
• Ensure compliance with relevant cybersecurity regulations and standards

Ongoing Education

• Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
• Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
• Leads learning efforts inside the organization focused on systems engineering
• Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations

The ideal candidate:

Education:

• Bachelor of Science Degree in Systems Engineering, Electrical Engineering, Computer Sciences, Computer Engineering, Information Security, or other related engineering degree.