SOC Manager at Chewy
We are seeking a highly motivated SOC Manager to join our Information Security Team based in Boston, MA. The ideal candidate will be responsible for the implementation and maintenance of the enterprise-wide information security program, and ensuring that all information assets are adequately protected. The InfoSec Manager will also direct the implementation and monitoring of information security standards and policies. Additionally, they will be responsible for identifying, evaluating, reporting on, and mitigating cybersecurity risk to information assets as well as leading the Security Incident Response through the 24/7 Chewy Security Operations Center.
This role will require an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities with key business objectives. In addition to implementing security policies, the InfoSec Manager must be able to prioritize work efforts — balancing operational tasks with longer-term strategic security efforts.
The InfoSec Manager must have proven leadership and team-building skills to continue the explosive growth of the Chewy security team. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of this position.
What You'll Do:
- Oversee and continuously improve the security incident response process.
- Oversee and continuously improve the 24/7 Security Operations Center and all related processes and runbooks.
- Oversee and continuously improve the Enterprise firewall administration process.
- Oversee and guide the design, implementation, and support of information security solutions.
- Work with the team on a wide range of security tools, methodologies, and standards.
- Perform security assessments and review of networking infrastructure and implementation of new security-based technologies.
- Ensure that the security infrastructure is maintained to the highest standards of change management.
- Interface with members of the entire IT organization and business to manage security vulnerabilities and drive priorities.
- Participate in 24/7 support and on-call rotation, including incident management duties related to security incidents.
- Build out security monitoring and SIEM infrastructure and processes to proactively detect security attacks and reduce time to mitigate.
- Vendor relationship management, ensuring that service levels and vendor obligations are met.
- Continuously improve the support for other IT teams in malware remediation, mitigation of network and web-based attacks, and implementing proactive security controls into systems.
- Oversee the management of the IPS/IDS and firewall infrastructure for both on-prem and cloud environments.
- Proven Security Incident Handling & Response experience.
- Experience in leading and continuously improving a 24/7 security operation leveraging both in-house and external vendor resources.
- Security industry certifications (CISSP, SANS or others).
- Proven experience in security leadership and building elite enterprise and network security teams.
- Strong security background and hands-on experience with NGFW firewalls, IPS, WAF, DLP, and other network-based security technologies is greatly preferred.
- Strong understanding of TCP/IP and other networking principles.
- Proven knowledge and understanding of how to secure key IT technologies including Windows, Linux, Databases, Web Servers, Load Balancing and others.
- Strong experience with securing e-commerce applications and supporting infrastructure.
- Strong understanding of SOX & PCI requirements and implementing data privacy controls.
- Experience with endpoint forensics, malware remediation, and advanced attack detection.
- Ability to generate security metrics and reporting on incidents and effectiveness of controls.
- A minimum of 3 years’ hands-on experience with SIEM technologies or security event management platforms.
- Strong understanding of vulnerability management and implementing risk reduction plans.
- Experience with DDoS mitigation and preventing Layer-7 Web-based attacks.
- Able to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Position may require travel.
If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact [email protected]