Cyber Security Operations Center; SOC Manager
Listed on 2026-02-16
IT/Tech
Cybersecurity
Who Are We?
Taking care of our customers, our communities and each other. That’s the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.
Compensation Overview
The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment.
As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards.
Salary Range
$ - $
Target Openings
1
What Is the Opportunity?
The Cybersecurity Operations team is responsible for the identification, protection, detection, response and disruption of cybersecurity events across Travelers through threat intelligence gathering, detection, and techniques to assess, support, and resolve cyber incidents. The Cybersecurity SOC Manager will lead assessments of systems and networks within the environment and measure effectiveness of defense-in-depth architecture against known vulnerabilities. This role is a key member of our SOC, and will act as a subject matter expert, leading detection, analysis, and response to SOC alerts and other cybersecurity events alongside junior analysts. You must be willing to work in a 24x7x365 team environment and be in an on-call rotation, meaning you will be prepared to work evening, weekend, and holiday schedules as required to meet our objective of 24x7x365 availability, alongside the team.
This role will ensure that the SOC is functioning and operationally ready to perform incident response, as well as cybersecurity initiatives, investigations, automation development, data analysis, scripting, and forms process improvement. Additionally, this role will routinely act as a mentor, seek opportunities to improve team and incident response practices, and maintain the SOC knowledgebase. The ideal candidate will bring a background and experience in Cybersecurity staff management (the evaluation, hiring, and training of SOC staff), strong technical skills related to threat detection and response processes, as well as the curation and presentation of metrics & reporting for Senior Leadership.
This position plays a key role within Travelers Cyber Incident Response team.
Applicants must be authorized to work for ANY employer in the US. The company does not sponsor/support H-1B petitions, TN, or Forms I-983/STEM OPT for this role.
What Will You Do?
- Provide day-to-day operational leadership for the SOC.
- Monitor SOC service levels and metrics for internal SOC reporting.
- Manage SOC capacity levels.
- Manage the SOC QA program.
- Lead alert-based incident response efforts in the SOC, including evaluation and deconstruction of phishing pages and malware (e.g., obfuscated code) through open-source and vendor-provided tools.
- Use cyber defense tools for continual monitoring and quickly analyze alerts from various sources across the enterprise and determine possible causes of alerts and consult with business partners for a fast resolution.
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
- Perform technical and nontechnical risk and vulnerability assessments of relevant technology focus areas and complex influence risk mitigation approaches to senior management.
- Conduct network scouting, threat hunting, and vulnerability analyses of systems within a network.
- Exploit network devices, security devices, and/or terminals or environments using various methods or tools and ensure communication of risks to owners.
- Work in a 24x7x365 environment and be prepared to work evening, weekend, and holiday schedules (as required) for incident response readiness.
- Lead SOC projects and associated work streams.
- Manage knowledge base, including creating, maintaining, and enforcing standard operating procedures (SOPs), threat intelligence, and other documentation.
- Develop metrics and dashboards for alert metrics, coverage, and efficacy to drive performance improvement measures.
- Manage quality assurance activities over alert response and operate feedback loop to correct deficiencies as necessary.
- Maintain records of security monitoring and incident response activities, utilizing case management and ticketing technologies.
- Provide operational support, troubleshooting and maintenance of cybersecurity related processes, controls, or products.
- Assists in coaching peers, developing team…