Threat Operations Manager - Managed Security Services

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.

To address the most critical needs of our clients, RSM US LLP established the Security and Privacy Services group, comprised of more than 300 professionals dedicated exclusively to serving the cybersecurity needs of our clients. This group includes experienced consultants located throughout the United States, Canada, El Salvador, and India dedicated to helping clients with preventing, detecting, responding, and recovering to security threats that may affect their critical systems and data. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise across the full suite of security and privacy capabilities including managing the daily activities associated with our clients’ security operations.

We are seeking individuals with both broad and deep experience working in or around managed security services with experience and skills to lead a team delivering ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have solid knowledge of leading practices in security monitoring and detection, an understanding of industry threat and attack models, experience participating in or partnering with threat hunting and intelligence teams, knowledge of automation and orchestration trends and innovation, and can demonstrate experience leveraging this knowledge to benefit organizations in an operational capacity.

As a leader within the Managed Security Services practice, the Threat Operations Manager will direct the actions of a geographically disbursed team of security operations personnel operating in shifts. The Threat Operations Manager will educate and motivate the team to perform at the highest level and will ensure consistency of service delivery across shifts and geographies. The team serves multiple client accounts within a wide variety of industries. The SOC operational team is made up of senior and junior analysts and the Threat Operations Manager is responsible for driving practices that allow all analysts to learn and grow in their skills and careers. Working with senior leadership, this role supports our professionals by maintaining a respectful team environment that allows for all members to operate at their best and integrate their career with their personal life.

Successful candidates for the role typically have 7-10 years of experience in the following areas:

• Overseeing shift workers
• Continually maturing security operations through process and protocol improvements
• Providing consolidated reporting and dashboards to operational leadership
• Conducting technical interviews of potential analysts
• Managing security operations teams
• Providing leading practice recommendations in security operations, incident response, vulnerability management, and automation in a client service capacity
• Understanding native log collection and monitoring tools from common cloud platforms
• Supporting complex client service engagements across a variety of business use cases and requirements
• Guiding and mentoring clients throughout ongoing operational activities
• Mentoring and directing analysts, conducting quality reviews of their activities, providing direction, and serving as a technical lead

Required Qualifications:

• Bachelor's degree or higher
• 7-10 years of related experience, specifically 5+ years of security operations experience
• Proven experience leading security teams including interacting with external client teams and supporting operational protocols
• Experience using the ServiceNow suite for overall security operations workflow management
• Utilizing SIEM technologies such as Splunk, LogRhythm, Azure Sentinel, and StellarCyber
• Experience building and maturing security operation center capabilities and operations
• Experience serving complex architectures and environments (cloud, on-prem or hybrid)
• Experience with various automation platforms such as security orchestration and automated response (SOAR) tools
• Ability to communicate effectively, both in writing and verbally in English
• Ability to interact effectively with internal and external resources at all organizational levels
• Excellent project management, organization, and follow-up skills
• Strong critical thinking and problem-solving skills

Experience with the following platforms is preferred:

• Common cloud platforms – E.G. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform
• SOAR tools – E.G. Torq, Phantom, Forescout
• Proficiency with AWS Security Center and popular security services: E.G. IAM, Key Vault, etc.)
• Knowledge and proficiency with popular cloud security services: E.G. VPC, RDS, IAM, WAF, IDS/IPS, AS3, SQS, SNS, CloudWatch, CloudTrail, Inspector, Config
• Vulnerability Management tools – E.G. Kenna, Tenable, Qualys
• Threat intelligence tools – E.G. Recorded Future and ThreatConnect
• Endpoint detection and response tools – E.G. SentinelOne, Crowdstrike, Defender
• Microsoft 365
• Cloud access service brokers: E.g. Netskope, ZScaler, McAfee, Forcepoint
• Container services and container security leading practices – E.G. Kubernetes, Docker

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

As an Affirmative Action and Equal Opportunity Employer all applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law. 

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at careers@rsmus.com.

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

RSM will consider for employment qualified applicants with arrest or conviction records in accordance with the requirements of applicable law, including but not limited to, the California Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the San Francisco Fair Chance Ordinance. For additional information regarding RSM’s background check process, including information about job duties that necessitate the use of one or more types of background checks, click here.

At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.