Security Operations Manager in Work From Home at TradeStation

Date Posted: 7/17/2021

Job Description

Security Operations Manager
Virtual US or Costa Rica
TradeStation is an online brokerage firm seeking to level the playing field for self-directed investors and traders, empowering them to claim their individual financial edge.  At TradeStation, we're continuously pushing the boundaries of what's possible, encouraging out-of-the-box thinking and relentless search for innovation.  We offer a collaborative and flexible work environment, competitive salaries, comprehensive benefits and a generous PTO policy.
The Security Operations Manager is a new position within TradeStation that will be tasked with building out the Security Operations function, managing the program, and overseeing its ongoing success.  This will be a very “hands on” role, especially as the program is being developed, and will require a very strong and diverse set of skills, including the ability to develop written operational procedures, train staff to execute procedures properly, and constantly reprioritize tasks, as well as extremely good communication skills.  Due to the highly sensitive nature of TradeStation’s business, it is anticipated that, while general business working hours will be the norm, this individual will be required to be available additional hours as necessary for the success of the program and on a 24x7 basis when critical situations arise.
  • Standardize, document, and operationalize a multitude of routine security operations so that they may be carried out successfully, repeatedly, and with high quality by junior-level Security and non-Security personnel.  Examples include:
    • Analyzing and taking action upon reported phishing attempts
    • Performing vulnerability scans and reporting results
    • Analysis and mitigation of reported computer viruses and malware
    • Analysis and mitigation coordination of potential or actual DDoS attacks
    • Utilizing automated tools to perform application security scans and reporting results
    • Coordination of DNS hijacking and reputational attack mitigation
    • Security metrics aggregation and reporting using various tools and dashboards
    • Security threat feed monitoring and information dissemination
    • Research and escalation of MDR sourced issues
    • Validation and reporting of security technology functionality and effectiveness
  • Collaborate with both technical and non-technical TradeStation teams to gather requirements and assist in implementation of operational security solutions to improve security, efficiency, and quality.
  • Work with the CISO to establish a clear vision and direction for the Security Operations function and successfully execute on plans supporting that.
  • Assist the CISO in defining metrics to measure success of the Security Operations function, program milestones, and provide periodic reporting.
  • Provide daily supervision and oversight of both direct and indirect staff (personnel management)
  • Ensure escalation and follow-up of tactical security threats
  • Strong communication skills, both verbal and written are required (and your resume/CV will be carefully reviewed as a prequalification).
  • Highly organized and motivated
  • Strong technical background utilizing and monitoring security controls and technologies such as:
    • Firewalls and firewall management tools
    • Cloud-based security controls including those used for infrastructure as a service, cloud-native applications, containerization, and cloud compliance
    • Endpoint security controls such as EDR, web content proxies, DLP, and others
    • Network based security controls such as IDS/IPS, network behavior anomaly detection, etc.
    • Application vulnerability scanning tools (static and dynamic)
    • Vulnerability scanners such as Rapid7, Tenable Nessus, and others
    • Email security such as Microsoft O365 and Exchange protection, FireEye, and others
    • DNS security, monitoring, and mitigation
    • NIST, OWASP, ISO, COBIT, and other security standards and frameworks
  • Project management skills to build plans, measure success, and deliver results on time within budget
  • Personnel management skills in managing both direct and indirect reports and onsite and virtual teams
  • Ability to multitask, prioritize, and provide strong leadership
  • Requires a minimum of 7 years of progressive InfoSec work experience
  • Requires proven experience building and/or managing large security projects
  • Experience managing people and teams, direct-reporting staff and indirect reports
  • Experience working with individuals at all levels of an organization (executives, technical staff, non-technical staff, entry-level to highly experienced people)
  • One or more of the following is required:
    • Four-year degree from an accredited college or university
    • CISSP (and/or other ISC2 certifications)
    • One or more SANS GIAC certifications
    • CEH, OSCP, or other penetration testing certifications