AVP Incident Response
Job ID: R-007177 Date posted: 07/12/2019 Primary Location: SC-Fort Mill
LPL Financial is seeking an AVP of Incident Response to work within its growing Information Security department reporting to the VP, Security Operations.
As a leader, you are expected to bring several years' experience in the cybersecurity industry to mature LPL’s Incident Response program. You will be expected to perform daily tasks associated with cyber incidents and investigations. As a Manager, you are responsible for augmenting and strengthening your personal DFIR skill set, as well as helping develop the skills of the entire DFIR team.
- Lead a team of forensic and IR analysts familiar with host and/or network-based forensics across Windows, Mac and Linux platforms
- Assess and develop the incident response program/strategy in a proactive fashion to help mature the security posture of organizations prior to an incident.
- Establish goals that align with the mission and complete performance reviews.
- Responsible for supporting Security Operations during normal business hours and in an on-call rotation outside normal business hours
- Review and analysis of intrusion detection systems, security incident event management systems, network traffic and data from solutions such as anti-malware, advanced endpoint detection/prevention, firewalls, internet/email gateways and VPNs
- Assessment and audit of compliance against the security policies and standards
- Maintain and develop IR playbooks
- Stay current with the latest malware, attack vectors and security trends
- Actively manage the response activities for information security incidents including discovery, triage, containment, recovery, and remediation plan coordination
- Coordinate efforts among multiple business units during response efforts
- Create and automate processes for common investigations and deliverables.
- Can effectively communicate with executives on the topics of forensics and incident response
- Provide mentorship and technical guidance to less experienced Incident Responders and SOC staff
- Conduct advanced computer and network forensic investigations relating to various forms of malware, email compromises, computer intrusion, theft of information, denial of service, data breaches, etc.
- Bachelor's degree in Information Security or Technology related field
- 5+ years of experience in information security, especially in an incident response role
- 2+ years of experience leading a Cyber Incident Response Team
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Understanding of network security devices, protocols, routing, and services
- Experience with analysis of server, network, web and mail security events
- Familiarity with Information Security Risk Management practices
- Good written and verbal communication skills
- Scripting experience, preferably with Python
- Proficiency with industry-standard DFIR toolsets, including X-Ways, EnCase, FTK, and Volatility.
- Experience with performing host or network incident response, malware analysis, or forensics
- Experience with Business Email Compromise and Ransomware incidents
- Knowledge of host and network log sources to apply to investigation and IR methodology in investigations
- Familiarity with MITRE ATT&CK and Cyber Kill Chain.
- Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP and other network and system monitoring tools.
- Knowledge of a variety of Internet protocols.
- Knowledge of memory forensics
- Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure. Experience with conducting log analysis of Windows Event Logs, Apache, IIS, and firewall logs.
- Proficiency with database querying and analysis.
- Experience with command line tools (grep, sed, awk, PowerShell), Python, and other programming languages.
- Familiarity with Laws, Rules, and Regulations (LRRs) attendant to Financial Institutions' Information Security requirements, including Privacy LRRs, e.g. GDPR, NYDFS, SEC Guidelines.
- Security certifications such as CISSP, GCIH or GPEN are a plus
About LPL Financial:
LPL Financial is a leader in the retail financial advice market and the nation’s largest independent broker/dealer*. We serve independent financial advisors and financial institutions, providing them with the technology, research, clearing and compliance services, and practice management programs they need to create and grow thriving practices. LPL enables them to provide objective guidance to millions of American families seeking wealth management, retirement planning, financial planning and asset management solutions. LPL and its affiliates have more than 3,700 employees with primary offices in Boston, Charlotte, and San Diego.
If you join LPL, you will join a culture that believes in delivering a world-class client experience and looks to all employees to contribute to that goal by sharing their creativity, experience, and passion for continuous improvement. As a destination of choice, our top priorities are growth and development, social responsibility, and financial health for our employees.
We offer competitive compensation and industry leading benefits, including a wellness facility with onsite fitness classes, healthy meal choices, and a walk-in clinic. We support employee financial health through a 401k match, ESPP, and employee discounts. Work/life balance is our foundation and is supported through paid holidays, and paid time off (including time to volunteer). We foster a diverse work environment through Employee Resource Groups and diverse strategic partnerships.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE
*As reported by Financial Planning magazine, June 1996-2017, based on total revenue.