Cybersecurity Security Operations Center Manager

Cleveland, OH, United States

Sherwin-Williams

Discover the possibilities of Sherwin-Williams® paint with over 1700 paint colors. Get paint color tips, project ideas & product advice for DIY and Pros.

View all jobs at Sherwin-Williams

Apply now Apply later

The Cybersecurity Security Operations Center (CSOC) Manager’s core function is to provide leadership and oversee the administration of the CSOC, including security engineers and security analysts. The CSOC is responsible for monitoring and alerting on cybersecurity events, ensuring the maintenance of the current and future technologies, and continually analyzing threat data to find ways to improve the organization's security posture. This position requires both the ability to tactically focus on immediate threats at hand as identified in alerts and intelligence as well as strategically remain focused on Initiatives tasked by senior leadership. Candidates must be highly analytical, technically competent, and have an ability to provide focus and calm during incident response scenarios. The ability to lead groups or move forward initiatives is essential. In addition, the ability to plan for future team needs requires staying informed of current events in technology platforms and the Cybersecurity industry. Operational Management
  • Manage team employees reporting directly to you. Responsibilities include preparing midyear and annual staff evaluations and addressing both opportunities for growth (such as promotions) or improvement (such as employee performance improvement plans) as performances warrant.
  • Manage the on-call rotation and time off for the SOC
  • Providing regular training sessions and mentorship opportunities to facilitate knowledge-sharing within the team. 
  • Hiring new staff members or contracting outside services to supplement your team's capabilities when needed.
  • Support existing and future contractual relationships with technology and service providers. This includes working with providers to address support issues as well as working with management and procurement.
  • Work with upper management to track and manage team spending and assist in preparing annual budgets.
  • Lead your team and communicate with management during incident response (IR) to ensure timely notification and containment occur. Responsibilities include ensuring communicating, documenting IR progress, and following through with post-mortem reviews.
  • Ensure CSOC meets regulatory compliance of both internal and external auditors by adherence to policies and procedures. Ensure version control of SOC alerts as well as least privilege access to logs and investigation data.
  • Ensure synchronization and collaboration between the CSOC and Cyber Threat Intelligence team.
  • Work with other departments to identify the root causes of security incidents and develop strategies to mitigate these risks.

Strategy & Planning            

  • Work with employees on Individual Development plans. Interface with management and Human Resources to ensure plans meet business needs and provide measurable advancement steps to employee promotion and realization of career goals.
  • Provide insight and guidance in support of Governance Board meetings for existing or future spend
  • Plan out and monitor annual spend for CSOC. 
  • Improve incident response times, reduce false positives and other extraneous alerts, and enhancing threat detection capabilities.
  • Work with CSOC and architecture in determining technology and resource requirements.
  • Participate in engagement with other service families and departments in addressing CSOC logging and monitoring needs. Engage with same groups in developing Enterprise logging and monitoring strategies and solutions.
  • Stay abreast of business and technological developments to properly prepare CSOC future posture.
Acquisition & Deployment
  • Work with upper management to understand budget availability to shape CSOC efforts. 
  • Supervise team and/or perform compliance assessments to include Proof of Value (PoV) or Proof of Concept (PoC) for new program security tools.
  • Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant information assurance policies.
Incidental Functions
  • Assist with other projects as required to contribute to efficiency and effectiveness of the organization.
  • Travel may be required but should not exceed 10% of work time.
  • Work outside the standard office 7.5-hour workday may be required with on-call availability.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.

This position has a hybrid work schedule with three days in the office and the option for working remotely two days.

Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.

Formal Education & Certification
  • Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
Knowledge & Experience
  • 8+ years IT experience.
  • 6+ years IT security experience 
  • Minimum 1 year experience with cyber-security investigations and incident response.
  • Minimum 1+ years of experience in process analysis and improvement.
  • Background in metrics/reporting.
  • Experience identifying and implementing solutions to complex business problems.
  • Understanding of various operating systems (z/OS, Window, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening.
  • Ability to analyze reports by reviewing incident or threat frequency, severity, and duration data. 
Preferred Experience
  • Experience in a Security Operations Center (SOC) or working with a Managed Security Service Provider (MSSP)
  • Supervisory and/or Management experience preferred.
  • Budgeting experience
  • Understand Log Management process and program
  • Certifications: Lean, CISSP, SANS GIAC, or CISM
  • Project Management concepts: use of JIRA, Planner, etc.
  • Delivery of Metrics demonstrating proof of value and key performance indicators
  • Understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP and/or other standards.
  • Familiar with both IT and OT detect and respond functions
  • Familiar with email security tools such as Proofpoint, Abnormal Security, O365, etc.
  • Understanding of Threat Analysis and Threat Intelligence.
  • Experience with Security and Information and Event Monitoring (SIEM) products such as Sumo Logic, Splunk, etc.
  • Experience with Vulnerability Management products such as Qualys and WIZ.
  • Utilize key performance indicators to track analyst workloads as well as the efficiency of detection signatures/rules and associated monitoring technologies.
  • Benchmark and implement industry best practices to mitigate potential threats.
  • Support the preparation of appropriate reports and communicate status and results.
  • Familiarity with SOC-CMM
Personal Attributes
  • Strong analytical, evaluative, and problem-solving abilities.
  • Strong leadership skills
  • Ability to motivate in a team-oriented, collaborative environment. 
  • Ability to set and manage priorities.
  • Strong written and oral communication skills.
  • Strong interpersonal skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Self-motivated and directed.
  • Keen attention to detail.
  • Commitment to fostering a culture of inclusion and diversity
  • Hybrid on-site and remote work.
  • Minimal travel is required.
  • Work outside the standard office 7.5-hour workday may occasionally be required for on call coverage or overseeing after hours team investigations.

Here, we believe there’s not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!  At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee. Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable. Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract. As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans. Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  5  2  0

Tags: CISM CISSP Compliance CSOC CVSS GIAC Governance Incident response Jira Linux Monitoring Qualys SANS SCAP SIEM SOC Splunk Strategy Threat detection Threat intelligence UNIX Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Team events Travel

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.