The City of Seattle is seeking qualified candidates for the position of Security Operations Manager (IT Professional A) in the Seattle Information Technology’s (Seattle IT) Security and Infrastructure Division.
Department Overview
The City of Seattle is a leading local government in environmental stewardship and social justice. Our dedicated workforce plays a significant role in shaping a future where all who live, work, and play in our city can thrive.
Seattle Information Technology (Seattle IT) is a trusted partner dedicated to delivering secure, reliable, and responsible technology solutions that help the City provide equitable and effective services to our communities. Our team of more than 600 IT professionals supports a full spectrum of modern enterprise services and offers dynamic career paths with opportunities for growth and development.We’re committed to building a workforce that reflects the diversity of the residents we serve. We welcome people of all backgrounds, perspectives, and skills to join our team, because the more diverse we are, the stronger and more innovative our work becomes
Come and apply your extensive skills in cybersecurity leadership at the City of Seattle! We are looking for a dedicated, experienced cybersecurity professional to manage our Security Operations team and guide our cyber defenders in their mission to protect the City’s services, data, and systems. Join Seattle IT’s fantastic, committed team of IT experts, and together we can achieve great things!
The Security & Infrastructure (S&I) Division within Seattle IT provides the reliable, secure, highly available infrastructure services that the City’s technology delivery relies upon. Additionally, S&I provides cybersecurity services for the City’s entire IT environment in alignment with the NIST Cybersecurity Framework 2.0, industry standard methodologies, and regulatory expectations. We partner with the rest of Seattle IT to ensure our systems and data are safe, and that we are ready to respond should incidents arise. The work we do directly contributes to the protection of City data and systems, and the availability of the services the city provides to the public.
The Security Operations Manager leads a team of skilled cybersecurity professionals, while driving excellence in the processes and technologies around detection, assessment, response, and resolution of cybersecurity incidents. The position reports to the City of Seattle Chief Information Security Officer and Assistant Chief Technology Officer for Security & Infrastructure and partners closely with the cybersecurity risk team, peer cybersecurity teams across City Departments, and peer leaders across Seattle IT to promote and mature security practices and provides effective leadership and staff development for the Security Operations team.
Technical Leadership
-
Manage and lead ongoing improvements in Seattle IT’s citywide incident detection and response program, including the development and enhancement of incident response plans, processes, and tools to effectively run the program.
-
Coordinate detection engineering, SIEM/SOAR operations, EDR/XDR/NDR telemetry, forensic investigations, threat intelligence gathering and sharing, enterprise event log collection, and threat hunting activities.
-
Regularly validate the effectiveness of cybersecurity defenses and incident response readiness through measurable metrics, tabletop exercises, red/purple/blue teaming, and other approaches.
-
Lead Security Operations’ contribution to the City’s vulnerability management program in partnership with peer technical managers and compliance partners, providing operational metrics as needed and supporting a risk-based approach to prioritization of vulnerability remediation.
-
Proactively adapt Security Operations cyber defense capabilities in anticipation of City projects and programs, strategic direction, and industry shifts.
-
Maintain and grow strong operational relationships and processes between Security Operations and security partners across the City’s public safety, utility, transportation, and operational technology environments.
-
Assume incident command or other designated roles in cybersecurity incidents as defined by the relevant incident response plan.
-
Regularly review response plans to ensure incident notification reporting requirements for relevant compliance, federal, and state entities are documented and current.
-
Negotiate vendor contracts for a strengthened security posture at an advantageous cost
Strategic Leadership
-
Develop cybersecurity strategic roadmaps that are aligned with larger Seattle IT and City strategic goals and initiatives. Advise senior leadership on issues, challenges, trends, and opportunities, and recommend how those should influence division standard processes and strategies.
-
Provide overall management and coaching of the security operations staff, including developing training programs, setting team objectives and individual expectations, aligning team members for individual and team success, assessing performance, and meeting key performance indicators.
-
Establish and cultivate strong strategic partnerships with City peers and collaborators in cybersecurity risk, privacy, infrastructure, endpoint, identity, applications, operational technology, and other relevant domains. Ensure alignment on security objectives, incident readiness, and roadmaps.
-
Continually evaluate our security vendor and managed service relationships, including managed service providers, for value, service performance, incident coordination, and alignment with strategic roadmaps and industry direction.
-
Maintain awareness of industry trends and developments in cybersecurity and adjacent domains that may impact our environment, and work with the Security Leadership to adjust approaches and roadmaps as needed.
-
Communicate effectively and professionally with all levels of the organization.
-
Lead executive briefings and incident command communications during cybersecurity events, exercises, and readiness reviews, translating technical risk into operational and policy decisions for senior City leadership.
-
Periodically support and advise sister agencies in their cybersecurity practices, protocols and incident response
-
Lead the team in incorporating the City’s Race and Social Justice Initiative values and objectives into daily work, programs, and practices.
-
Engage in strategic leadership, partnership, and mutual support with the S&I divisional leadership team and Seattle IT-wide leadership/management bodies and actively represent our leadership values daily.
-
Manage the Security Operations team’s annual budget, including forecasting, tracking of actuals, and identification of cost savings and efficiencies.
-
This position may be required to work outside of business hours in response to incident scenarios.
Please note this job advertisement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
The full salary range for this position is $62.59 - $93.90 per hour.
The targeted salary range for this individual role is up to $92.50 per hour based on experience and skills.
Why work at the City of Seattle?
The City of Seattle recognizes everyone must play a role in ending institutional and structural racism. Our behavior shapes our workplace culture, reflects our personal commitments, and how we fearlessly share our view and encourage others to do the same. We seek employees who will engage in the Race and Social Justice Initiative by working to dismantle racist policies and procedures, unlearn the way things have always been done, and provide fair and accessible processes and services.
Benefits
The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City’s website at: https://www.seattle.gov/human-resources/benefits/employees-and-covered-family-members/most-employees-plans.
Application & Selections Process
-
A complete NeoGov/GovernmentJobs online application is required. Please include at least 10 years of relevant work history (or more, if applicable), with job duties, employment dates, number of direct reports, and reasons for leaving clearly detailed.
-
Attached resume and cover letter describing your skills and experience in relation to this position.
-
Supplemental questions responses
Your application must include both a resume and a cover letter. Applications submitted without these documents will not be considered.
Please ensure that both documents have been successfully uploaded before submitting your application.
The most competitive candidates will be invited to participate in one or more interviews.
If you have any questions or require a reasonable accommodation to complete any part of the selection process, please contact Julie Hugill at [email protected]
Workplace Environment (Telework Expectation):
This position offers flexibility of a hybrid work schedule. Hybrid telework schedules have a minimum requirement of three days onsite per week, which is subject to change at any time at the Mayor’s discretion. Individual schedules are based on operational needs and agreement between the employee and their supervisor.
Background Check: This hiring process involves a background check of conviction and arrest records in compliance with Seattle’s Fair Chance Employment Ordinance, SMC 14.17. Applicants will be provided an opportunity to explain or correct background information.
Criminal Justice Information Services (CJIS) Check
This position performs essential functions that require CJIS-authorized access to systems, environments, logs, forensic artifacts, security telemetry, or facilities supporting criminal justice operations. Candidates must pass the Seattle Police Department Criminal Justice Information Services (CJIS) background investigation as a condition of employment, and incumbents must maintain that authorization in accordance with applicable FBI CJIS Security Policy personnel security requirements. Inability to obtain or maintain required CJIS authorization may result in the candidate or employee being unable to perform essential functions of the position.
Who may apply: This role is open to all candidates that meet the minimum qualifications. We value different view points and life experiences. Your application will be considered regardless of race, color, creed, national origin, ancestry, sex, marital status, disability, religious or political affiliation, age, sexual orientation, or gender identity. The City encourages people of all backgrounds to apply, including people of color, immigrants, refugees, women, LGBTQ+, people with disabilities, veterans, and those with diverse life experiences.
#LI-FW1
#LI-Hybrid