Job Specifications
At KUBRA, we’re looking for a Security Manager to take ownership of our Security Operations function and play a key role in strengthening and evolving our security posture across the organization!
This role involves strategic decision making, leading system implementations, and driving the adoption and testing of security processes and procedures that enhance the resilience of our infrastructure and IT systems.
You will be responsible for protecting KUBRA’s data assets from security threats, vulnerabilities, and emerging risks, while working closely with technology and business stakeholders to ensure security is embedded into everything we build and operate.
How You’ll Contribute
Lead the implementation and maintenance of Cybersecurity programs and projects
Security Standards: Develop and implement security operations standards, procedures, and guidelines as needed
Strategic Planning: Create and update security plans to address evolving threats and risks
Team Leadership: Lead and manage the Security Operations team, providing guidance, training, and mentorship
Recruitment: Oversee the recruitment and development of security operations analysts
Goal Achievement: Lead the team in achieving established goals and departmental objectives
Performance Management: Accomplish staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards
Culture: Foster an environment that emphasizes trust, open communication, creative thinking, and cohesive team effort
Security Strategy and Planning:
Develop and implement security operations standards, procedures, and guidelines as needed
Create and update security plans to address evolving threats and risks
Assess the operational security risks of third-party tools and integrations within the security stack to support vendor risk management responsibilities.
Incident Response:
Manage the 24/7 monitoring of security alerts and incidents
Develop and implement incident response plans and procedures
Establish and maintain an incident response plan to address security breaches and emergencies
Coordinate and lead the response to security incidents, collaborating with relevant stakeholders
Conduct or oversee investigations into security incidents, violations, or breaches
Collaborate with law enforcement or external agencies as needed
Oversee digital forensics investigations to support HR, Legal, and external law enforcement requirements during serious breaches or internal policy violations
Vulnerability Management:
Design, implement, and operate a comprehensive Risk-Based Vulnerability Management Program covering Infrastructure, Applications, and CI/CD Pipelines
Drive the classification of vulnerabilities based on contextual risk (e.g., exploitability, asset criticality) rather than just CVSS scores, prioritizing remediation efforts effectively
Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization
Security Tools and Technology Management:
Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization
Oversee the deployment and maintenance of security technologies within the SOC, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other relevant tools
Management of security technologies, such as firewalls, surveillance systems, access control systems, and intrusion detection systems
Identity and Access Management (IAM):
Oversee the Identity and Access Management (IAM) and Identity Governance and Administration (IGA) programs, ensuring proper lifecycle management, access reviews, and least-privilege enforcement
Threat Intelligence:
Stay current on the latest cyber threats and vulnerabilities
Integrate threat intelligence into SOC processes to proactively identify potential risks
Continuous Monitoring and Analysis:
Implement continuous monitoring of network and system activities
Analyze security alerts and log data to identify patterns and trends
Reporting and Documentation:
Prepare and deliver regular reports on Security Operations activities, incident trends, and key performance indicators (KPIs)
Maintain documentation of incidents, responses, and lessons learned
Compliance:
Ensure compliance with relevant regulations and industry standards such as PCI DSS, NIST, ISO and other frameworks
Tabletop Exercise Programs:
Conduct regular tabletop exercises to test and improve incident response capabilities
Facilitate Purple Team exercises to validate detection logic and improve defensive posture against specific TTPs (Tactics, Techniques, and Procedures)
Budget Management:
Manage the budget for the Security Oper
About the Company
KUBRA provides customer experience management solutions to some of North America's largest utility, government, and insurance entities. Our extensive portfolio includes billing and payments, mapping, mobile apps, proactive communications, and artificial intelligence solutions for customers. With more than two billion customer interactions annually, KUBRA services reach over 40% of households in the U.S. and Canada. KUBRA is an operating subsidiary of the Hearst Corporation. Job Recruitment Scams Warning: It has been brought ...
Know more