Systems Manager - Cyber Security Manager

Overview

Come join us at Con Edison as a Systems Manager - Cyber Security Manager! We are seeking a highly skilled and motivated individual to join our growing team. In this role, you will be leading cyber response efforts across both OT and IT environments. You will oversee enterprise-wide forensic collections, manage large-scale response efforts, develop and mentor a high-performing team, and present findings to senior leadership to drive strategic decision-making.

Responsibilities

Core Responsibilities

• Lead enterprise forensic collections across IT and OT environments, ensuring accurate and thorough acquisition of evidence.
• Analyze and interpret data to identify indicators of compromise, attack vectors, and root causes.
• Provide recommendations for corporate incident response plans and post-incident reviews.
• Present findings and strategic recommendations to executive stakeholders in a clear and concise manner.
• Continuously evaluate and improve forensic response processes, tools, and methodologies.
• Develop and lead a team of incident response and forensics professionals, providing guidance, mentorship, and ongoing training to build a high-performing team.
• Serve as a technical SME for more junior members of the forensics team.
• Collaborate with other cybersecurity teams (e.g., Red Team, vulnerability management, CSOC) to enhance overall detection, response, and mitigation efforts.
• Act as the primary point of escalation for large cybersecurity events.
• Ability to preserve digital evidence, through industry standard best practices.
• Perform reverse engineering malware and conducting static and dynamic analysis of files when required.
• Perform detailed network analysis utilizing open-source and commercial tools.
• Ability to utilize social media/open source for research.
• Identify digital artifacts in a wide range of mobile, embedded, desktop, and server architectures.
• Research various Cybersecurity Technologies and work with SMEs to make recommendations.
• Maintain and improve forensics laboratory.

Qualifications

Required Education/Experience

• Master's Degree and a minimum of five (6) years of Digital Forensics, Incident Response, or other related DFIR experience
• Bachelor's Degree and a minimum of five (8) years of Digital Forensics, Incident Response, or other related DFIR experience

Relevant Work Experience

• Previous Digital Forensics/Incident Response experience required.
• Proficient in using known commercial and/or open source, incident response and forensic software.
• Understanding of industry standard policies, processes, and procedures
• Understanding of chain of custody
• Previous experience creating timelines and completing a root cause analysis.
• Proficiency in collecting, analyzing the evidence collected and creating reports based on the findings to different stakeholders: (Technical, Executive, etc.)
• Knowledge of current and evolving cyber threat landscape.
• Understanding of OT systems, protocols, and industrial control systems (ICS)
• Ability to remain agile and work in a fast-paced environment.
• Highly organized and detail oriented.
• Demonstrated analytical and impact analysis skills.
• Ability to handle multiple priorities effectively.
• Strong ethical standards and commitment to maintain confidentiality

Skills and Abilities

• Strong verbal communication and listening skills
• Demonstrated written communication skills
• Demonstrated analytical skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

• Driver's License Required
• Other: Relevant DFIR certifications such as GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar.

Additional Physical Demands

• Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.
• Must be able and willing to travel within Company service territory, as needed.
• Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required