Senior Manager of Cyber Security - Full-time

Work it! Here at Shake Shack, we take care of each other first and foremost so that we can make raves for our guests, community, suppliers, and investors. After all, teamwork makes the dream work. We work our buns off, but we play hard too, with a company retreat, Team Appreciation Day, volunteer opportunities, and so much more. If you’re looking for a deeply fulfilling, financially rewarding, and really fun career, you’re in the right place. 

Senior Manager of Cyber Security

Key Responsibilities

• Day to day operations of the company’s Cyber Intelligence Monitoring and Threat analysis.
• Provide log analysis, real-time intrusion analysis, incident response, and security monitoring using a wide-array of industry leading tools
• Respond and perform in-depth technical analysis and risk assessment of all security events and incidents.
• Provide related documentation in support of regulatory guidelines (SOC, PCI, etc..) and auditing initiatives
• Engage in security investigations and use tools to identify and report the outcomes of incidents to senior management.
• Participate in technical discussions around security events and activities with various non-technical and technical parties.
• Develop an operational support plan for the sustained success of the program – including KPIs of MSSP, training and development of SOC analysts and identify process improvements
• Collaborate with security architects, development, network, server and web teams investigate security incidents and provide prevention solutions for cyber threats
• Follow the company’s project management and SDLC disciplines to insure structured and effective implementation and operations
• Manage Vulnerability Management Program
• Responsible for the monthly testing of the company’s security vulnerabilities
• Track remediation of the identified security vulnerabilities
• Responsible for security awareness training and education for all levels of employees
• Collaborate with application and operation system teams to remediate any security vulnerability findings
• Support 3rd party testing of the company’s cyber security posture
• Recommend, and apply best practices for addressing ongoing threats
• Manage security tools that monitor the company’s security configuration, changes and baselines; such as SIEM.
• Respond to Endpoint protection and malware detection tools alerts.
• Makes suggestions on tuning IDS Platforms, Firewall Policies, and other security devices.

Skills & Knowledge:

• Network security management
• Web application security management
• Vulnerability & Patch management
• Designing and Operating enterprise security controls
• Malware analysis and remediation and Web Server – Anomaly Analysis
• Security Incident Response management
• Security Operations management and maintaining IT general controls
• Expertise with security assessment methodology, vulnerability management, OWASP model, CVE ratings
• Advanced knowledge of networking protocols and equipment
• Comfortable with packet analysis and forensic tools
• Knowledge of a managed security service provider operating model.
• Firewalls, IDS/IPS, Web Firewalls, Sandboxing, and other security tools.
• Scripting with Bash, Batch, Perl, or Python – beneficial.
• Strong understanding of Unix/Linux operating systems.
• Ability to read web and application server logs to determine potential breaches.
• Ability to read and action upon logs from endpoint security and malware detection tools
• Ability to set strategic goals via cyber security industry trends in areas surrounding threat intelligence,
• SIEM technologies and correlation.
• Familiarity in cyber security forensics is a plus
• Network security certifications a plus
• 24 x 7 On Call responsibility

Experience:

• Bachelors Degree (or equivalent) or advanced degree highly desired.
• 3-5 years of extensive experience working with network security and web application security management
• Successful track record of managing large projects and IT initiatives
• Practical knowledge of cyber concepts and software development life cycle (SDLC) methodologies
• In-depth knowledge of subject matter surrounding current and evolving application solutions, industry standards and best practices
• Experience managing staff and leading a cross-functional team

Other benefits include: 

About Us

Beginning as a hot dog cart in New York City’s Madison Square Park, Shake Shack was created by Danny Meyer, Founder and CEO of Union Square Hospitality Group and best-selling author of Setting the Table. Shack Fans lined up daily, making the cart a resounding success, and donating all proceeds back to the park beautification efforts.  A permanent stand was eventually built…and the rest is Shack history! With our roots in fine dining and giving back to the community, we are committed to high quality food served with a high level of hospitality. Our team members enjoy a positive work environment that is deeply committed to the philosophy that we "Stand for Something Good."