Security Operations Manager
Salary: $56.94 - $85.42 Hourly
Location: Seattle, WA
Job Type: Civil Service Exempt, Regular, Full-time
Job Number: 2024-01424
Department: Seattle Information Technology
Opening Date: 11/18/2024
Closing Date: 12/10/2024 4:00 PM Pacific
Position Description
The City of Seattle is seeking qualified candidates for the position of Security Operations Manager (IT Professional A) in Seattle Information Technology’s (Seattle IT) Security and Infrastructure Division.
Department Overview
The City of Seattle is a leading local government in environmental stewardship and social justice. Our dedicated workforce plays a significant role in crafting a future where all who live, work, and play in our city can thrive.
Seattle Information Technology (IT) is a trusted partner that provides secure, reliable, and responsible technologies enabling the City to deliver equitable and effective services. Over 600 professionals in Seattle IT provide a full spectrum of modern enterprise services, with dynamic careers and opportunities for growth. We are looking for all kinds of people, with varying backgrounds, perspectives, and skills to join the team. The more diverse we are, the better our work will be. The City of Seattle is proud to be an equal opportunity employer.
Position Overview & Description:
Come and apply your extensive skills in cybersecurity leadership at the City of Seattle! We are looking for a dedicated, experienced cybersecurity professional to lead our Security Operations team and guide our cyber defenders in their mission to protect the City's services, data, and systems. Join Seattle IT's fantastic, committed team of IT experts, and together we can achieve great things!
The Security & Infrastructure (S&I) Division within Seattle IT provides the reliable, secure, highly available infrastructure services that the City's technology delivery relies upon. Additionally, S&I provides cybersecurity services for the City's entire IT environment in alignment with the NIST Cybersecurity Framework, industry standard methodologies, and regulatory expectations. We partner with the rest of Seattle IT to ensure our systems and data are safe, and that we are ready to respond should incidents arise. The work we do directly contributes to the protection of City data and systems, and the availability of the services the City provides to the public.
The Security Operations Manager leads a team of skilled security engineers, while driving excellence in the processes and technologies around detection, assessment, response, and resolution of cybersecurity incidents. The position partners closely with the CISO, the cybersecurity risk manager, and peer leaders across Seattle IT to promote and mature security practices and provides effective leadership and staff development for the Security Operations team.
Job Responsibilities
Key Accountabilities/Responsibilities:
Technical Leadership
- Manage and lead ongoing improvements in Seattle IT’s citywide incident detection and response program, including the development and enhancement of incident response plans, processes, and tools to effectively run the program.
- Coordinate our SIEM/SOAR operations, forensic investigations, threat intelligence gathering and sharing, enterprise event log collection, and threat hunting activities.
- Regularly validate the effectiveness of cybersecurity defenses and incident response readiness via tabletop exercises, red/purple/blue teaming, and other approaches.
- Lead our vulnerability management program in partnership with peer technical managers and compliance partners, providing metrics as needed and leading with a risk-based approach to prioritization of vulnerability remediation.
- Proactively adapt Security Operations cyber defense capabilities in anticipation of City projects and programs, strategic direction, and industry shifts.
- Maintain and grow strong operational relationships and processes between Security Operations and security partners in the City's operational technology environments.
- Assume incident command or other designated roles in cybersecurity incidents as defined by the relevant incident response plan.
- Regularly review response plans to ensure incident notification reporting requirements for relevant compliance, federal, and state entities are documented and current.
Strategic Leadership
- Develop cybersecurity strategic roadmaps that are aligned with larger Seattle IT and City strategic goals and initiatives. Advise senior leadership on issues, challenges, trends, and opportunities, and recommend how those should influence division standard processes and strategies.
- Provide overall management of the Security Operations staff, including developing training programs, setting team objectives and individual expectations, aligning team members for individual and team success, assessing performance, and meeting key performance indicators.
- Establish and cultivate strong strategic partnerships with City peers and collaborators in cybersecurity risk, privacy, infrastructure, endpoint, identity, applications, operational technology, and other relevant domains. Ensure alignment on security objectives, incident readiness, and roadmaps.
- Continually evaluate our security vendor relationships for value and effectiveness of tools and services, as well as alignment with strategic roadmaps and industry direction.
- Maintain awareness of industry trends and developments in cybersecurity and adjacent domains that may impact our environment, and work with the CISO to adjust approaches and roadmaps as needed.
- Communicate effectively and professionally with all levels of the organization.
- Lead the team in incorporating the City's Race and Social Justice Initiative values and objectives into daily work, programs, and practices.
- Engage in strategic leadership, partnership, and mutual support with the S&I divisional leadership team and Seattle IT-wide leadership/management bodies, and actively represent our leadership values daily.
- Manage the Security Operations team's annual budget, including forecasting, tracking of actuals, and identification of cost savings and efficiencies.
- This position may be required to work outside of business hours in response to incident scenarios.
Qualifications
NOTE: Equivalent combinations of education and experience will be considered for the required qualifications.
Required Qualifications:
Education:
- Bachelor's degree or equivalent experience in a technology-related field.
Experience:
- Ten years’ experience in information technology positions, with five of those in cybersecurity roles.
- Five years of demonstrable experience leading, mentoring, and developing a technical team, with at least three years of that being with a cybersecurity-related team.
General knowledge, skills and experience:
- Advanced knowledge of the various attack tactics, techniques, and practices used by threat actors, as well as networking technologies, protocols, and common security tools.
- Demonstrated ability to develop, improve, and exercise incident response plans and procedures.
- Understanding of federal, state, and regulatory compliance drivers and requirements relevant to municipal governments and utility organizations.
- Experience successfully coordinating all aspects of a team budget.
Desired Qualifications:
You will be best equipped for this role if you have one or more of the following:
- Knowledge of a breadth of technical domains, including one or more of servers, identity, cloud, database, and applications.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification
- Significant experience with red/purple/blue teaming, penetration testing, tabletop exercises, and other forms of assurance of cyber defenses and response readiness
- Experience leading union-represented staff
- Experience successfully handling vendor relationships, performance, and contracts.
Key Competencies:
- Risk management: Ability to assess and prioritize cybersecurity risks effectively.
- Communication: Superb communication skills, both written and verbal, to effectively communicate with and translate technical topics for different audiences of varying technical levels.
- Technical expertise: Advanced understanding of cybersecurity technologies, tools, and techniques.
- Collaboration: Ability to work effectively with other managers, teams, departments, and partners.
- Leadership: Ability to lead and motivate a team of cybersecurity professionals.
- Problem solving: Ability to identify, investigate, and solve complex problems related to cybersecurity.
Note:
- Must pass Seattle Police Department, Criminal Justice Information Services (CJIS) background check.
Additional Information
- The full salary range for this position is $56.94 – $85.42 per hour.
First round interviews for this position are tentatively scheduled for the week of January 6, 2025.
Why work at the City of Seattle?
The City of Seattle recognizes everyone must play a role in ending institutional and structural racism. Our behavior shapes our workplace culture, reflects our personal commitments, and how we fearlessly share our view and encourage others to do the same. We seek employees who will engage in the Race and Social Justice Initiative by working to dismantle racist policies and procedures, unlearn the way things have always been done, and provide fair and accessible processes and services.
The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City's website at: https://www.seattle.gov/human-resources/benefits/employees-and-covered-family-members/most-employees-plans.
Application Process
Please submit the following with your online application:
- A cover letter in which you clearly describe how your knowledge, experience, skills, and abilities prepare you for the job responsibilities and qualifications outlined in the job announcement
- A current resume of your educational and professional work experience.
Incomplete applications may not be considered.
If you have any questions or require a reasonable accommodation to complete any part of the selection process, please contact Julie Hugill at Julie.Hugill@Seattle.gov
Workplace Environment (Telework Expectation): This position offers the flexibility of a hybrid work schedule. Starting January 2, 2025, City employees will have the option to work remotely two days a week. Individual schedules will be based on operational needs and agreement between the employee and their supervisor.
Background Check: This hiring process involves a background check of conviction and arrest records in compliance with Seattle's Fair Chance Employment Ordinance, SMC 14.17. Applicants will be provided an opportunity to explain or correct background information.
Who may apply: This role is open to all candidates that meet the minimum qualifications. We value different viewpoints and life experiences. Your application will be considered regardless of race, color, creed, national origin, ancestry, sex, marital status, disability, religious or political affiliation, age, sexual orientation, or gender identity. The City encourages people of all backgrounds to apply, including people of color, immigrants, refugees, women, LGBTQ+, people with disabilities, veterans, and those with diverse life experiences.
Agency
City of Seattle
Address
Seattle Municipal Tower
700 5th Avenue, Suite 5500
Seattle, Washington, 98104