CSIRT Manager

Company: CDK Global
Location: Hoffman Estates
Posted on: January 12, 2021

Job Description:

Power the PossibilitiesThe CDK Global technology team is looking for collaborative innovators who are passionate about making their mark on emerging enterprise software products. We're building and developing cloud technology for the automotive retail industrythat will change the landscape for automotive dealers, original equipment manufacturers (OEMs) and the customers they serve.Be Part of Something BiggerEach year, more than three percent of the U.S. gross domestic product (GDP) is attributed to the auto industry, which flows through our customer, the auto dealer. It's time you joined an evolving marketplace where research and developmentinvestment is measured in the tens of billions. It's time you were a part of something bigger.We're expanding our workforce - engineers, architects, developers and more - onboarding early adopters who can optimize, pivot and keep pace with ever-evolving development roadmaps and applications.Join Our TeamGrowth potential, flexibility and material impact on the success and quality of a next-gen, enterprise software product make CDK an excellent choice for those who thrive in challenging, fast-paced engineering environments.The possibilities for impact are endless. We have exceptional opportunities to evolve our industry by driving change through new technology.If you're ready for high-impact, you're ready for CDK.Summary:This position is will support the CDK Global 24x7 Security Operations Center (SOC). This position is in direct support to the Security Operations Center (SOC) including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat, and vulnerability management and incident response (IR). Preference will be made for candidates who can support 'non-business hours' shifts.(LOCATION OPEN TO HOFFMAN ESTATES, IL/SAN JOSE, CA/PORTLAND, OR)Responsibilities* Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.* Perform cyber defense trend analysis and reporting.* Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.* Provide daily summary reports of network events and activity relevant to cyber defense practices.* Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).* Review and approve procedures and work instructions for use by the SOC staff (Tier 1 through Tier 3).* Train and mentor the Tier 3 analysts and engineers as needed.* Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.* Inform senior management about performance and issues, including escalations.* Monitor and manage customer SLA compliance for SOC.* Monitor documentation to ensure accuracy and quality.* Establish professional development programs with Training Coordinator for personnel.Qualifying Experience and Attributes* Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.* Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).* Knowledge of computer networking concepts and protocols, and network security methodologies.* Knowledge of cybersecurity and privacy principles.* Knowledge of cyber threats and vulnerabilities.* Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts.* Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).* Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).* Knowledge of incident response and handling methodologies.* Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).* Knowledge of network traffic analysis methods.* Knowledge of new and emerging information technology (IT) and cybersecurity technologies.* Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).* Knowledge of key concepts in security management (e.g., Release Management, Patch Management).* Knowledge of security system design tools, methods, and techniques.* Knowledge of Virtual Private Network (VPN) security.* Knowledge of what constitutes a network attack and its relationship to both threats and vulnerabilities.* Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.* Knowledge of defense-in-depth principles and network security architecture.* Knowledge of different types of network communication (e.g., LAN, WAN, WLAN, WWAN).* Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).* Knowledge of interpreted and compiled computer languages.* Knowledge of cyber defense and information security policies, procedures, and regulations.* Knowledge of the common attack vectors on the network layer.* Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).* Knowledge of cyber attackers (e.g., script kiddies, insider threat, nation/non-nation state sponsored).* Knowledge of system administration, network, and operating system hardening techniques.* Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).* Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).* Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.* Signature implementation impact for viruses, malware, and attacks.* Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).* Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.* Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.* Knowledge of how to use network analysis tools to identify vulnerabilities.* Knowledge of penetration testing principles, tools, and techniques.* Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).* Skill in using protocol analyzers.* Skill in collecting data from a variety of cyber defense resources.* Skill in recognizing and categorizing types of vulnerabilities and associated attacks.* Skill in reading and interpreting signatures (e.g., snort).* Skill in performing packet-level analysis.CDK Global knows you have passions outside of work. You have family, friends, sporting events, and lots of things going on. That's why we offer a comprehensive benefits package to not only take care of you but your family as well. All of our benefits are effective the first day of employment including 401K matching, paid time off to re-energize, donate your time to volunteer in your community, and tuition reimbursement to name a few.At CDK, we pride ourselves on having a diverse workforce. We value and celebrate the uniqueness of individuals and the different perspectives they provide. We offer equal opportunity employment regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability status, age, marital status, or protected veteran status.

Keywords: CDK Global, Hoffman Estates , CSIRT Manager, Executive , Hoffman Estates, Illinois