3rd Shift Cyber Security Operations Manager

Position Summary:

The 3rd Shift Cyber Security Operations Manager oversees cybersecurity operations during the overnight shift, ensuring the integrity, confidentiality, and availability of the organization's systems, networks, and data. This role is responsible for managing the cybersecurity operations team, responding to incidents, monitoring threat detection systems, and enforcing security protocols. The manager plays a critical role in mitigating risks and ensuring continuous protection during non-business hours.

Key Responsibilities:

Cybersecurity Operations Management:

1. Monitor and manage cybersecurity systems, including:
   • Intrusion Detection and Prevention Systems (IDPS).
   • Security Information and Event Management (SIEM) tools.
   • Firewalls, endpoint protection, and vulnerability management systems.
2. Conduct real-time analysis of security alerts, investigating potential threats and escalating incidents as necessary.
3. Oversee the performance and functionality of cybersecurity tools, ensuring they are properly configured and updated.
4. Manage overnight threat hunting efforts and vulnerability scans to identify potential risks.

Incident Response and Threat Management:

1. Act as the primary incident commander during the 3rd shift for cybersecurity incidents, coordinating containment, eradication, and recovery efforts.
2. Perform forensic analysis of cyber incidents to determine root causes and recommend preventive measures.
3. Collaborate with cross-functional teams, such as IT and compliance, to address incidents and communicate updates.
4. Prepare detailed post-incident reports and lessons learned for review by senior leadership.

Shift Leadership and Team Supervision:

1. Supervise the 3rd shift cybersecurity operations team, ensuring coverage and performance of all team members.
2. Conduct shift handovers to ensure a seamless transition between teams.
3. Provide training, guidance, and mentorship to team members to enhance their skills and understanding of cybersecurity protocols.
4. Monitor and evaluate team performance, addressing any challenges or concerns.

Compliance and Reporting:

1. Ensure adherence to regulatory and organizational security standards, such as ISO 27001, NIST, or PCI-DSS.
2. Maintain detailed logs, documentation, and records of overnight activities, incidents, and system performance.
3. Provide shift summaries and threat intelligence reports to senior management.
4. Recommend improvements to security policies and protocols to address emerging threats.

Continuous Improvement:

1. Stay up-to-date on the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
2. Implement process improvements to enhance the efficiency and effectiveness of cybersecurity operations.
3. Work with technical teams to test and improve incident response plans, ensuring readiness for a variety of cyber threats.

Education:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Equivalent experience with relevant certifications may be considered.

Experience:

• 5 years of experience in cybersecurity operations or a related field.
• 2 years of experience in a leadership or management role, preferably overseeing a 24/7 or 3rd shift team.
• Hands-on experience with SIEM tools, IDPS, and other cybersecurity systems.

Skills and Competencies:

• Strong understanding of cybersecurity principles, frameworks, and best practices.
• Experience with Crowdstrike, XDR and MDR preferred.
• Proficiency in incident response, threat detection, and vulnerability management.
• Excellent analytical and problem-solving skills, particularly under pressure.
• Leadership and team management abilities, with experience mentoring technical staff.
• Strong communication skills, including the ability to document and explain technical information to non-technical stakeholders.

Certifications (preferred):

• Certified Information Systems Security Professional (CISSP).
• Certified Ethical Hacker (CEH).
• GIAC Certified Incident Handler (GCIH).
• CompTIA Security , CySA , or equivalent certifications.