Job Description

Pay Transparency Statement: 

The compensation philosophy reflects the Company’s reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs.  This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.

Position Summary:

As the Global Incident Response Manager, you will lead the Global Incident Response (IR) team and cross-functional teams, responding to and neutralizing threats that pose a risk to the business. You will coordinate all cross-team collaboration, documentation, create and maintain relevant KPI´s, and develop runbooks/playbooks related to IR. You will work closely with the SOC/SIEM Managed Security Services Provider (MSSP) and internal service partners striving for continuous improvement.

Position Responsibilities may include, but not limited to:  

• Manage the IR team and MSSP personnel supporting IR functions, overseeing recruitment, training, and retention
• Respond to incidents, ensuring correct procedures and playbooks are followed to handle incidents, mitigate risk to business operations, and coordinate actions and communications with both technical and business stakeholders
• Utilize data from Threat Intelligence, Threat Hunting, Vulnerability Management, SOC, and Red Team to address security issues and enhance detection and response times
• Oversee all people-management activities for direct reports, including establishing goals and providing mentorship for team members
• Build and maintain relationships with key stakeholders, suppliers, IT, and other departments to support security initiatives
• Design and engineer processes, procedures, and work instructions for all tasks related to IR and forensics
• Drive IR continuous improvement through KPIs, operational metrics, high quality reports to technical and executive audiences, and Tabletop exercises
• Review and update the Cyber Security Incident Response Plan (CSIRP) annually and on an as-needed basis
• Advise and approve tuning recommendations within security products to reduce the number of false-positives and false-negatives
• Participate in developing Purple Team activities to facilitate team and individual skill improvement, as well as improve security controls

Required Skills and Experience:  

• Bachelor’s Degree in a technology related field with 6+ years of experience in hands-on incident response, threat hunting, or forensics role and 3+ years of management experience leading a team. Or High School Diploma with 9+ years of experience in an information technology role with 4+ years of management experience
• Expertise building workflows and playbooks to facilitate the incident response process
• Experience creating reports to the Leadership as well as technical post-incident documents
• Experience in Security Operations in a medium to large enterprise
• Strong interpersonal and communication skills, including the ability to interact and build trusting relationships at all levels of the company
• Possess strong interpersonal, prioritization, decision-making, and conflict resolution skills
• Prior experience managing people in a large, matrixed organization, including recruiting, identifying, developing, and retaining talent
• Ability to manage people, processes, and resources to meet strategic priorities
• Ability to lead and communicate change
• Ability to hold self and others accountable to achieve results
• Travel – 15% - Occasional, based on team needs, training
• This position must pass a post-offer background and drug test

Preferred Skills and Experience:  

• Desirable experience in leading Threat Intel, Threat Hunting, SOC and SIEM teams
• host and network-based forensics in support of IR investigations. Master’s Degree or Graduate education in CyberSecurity.
• Familiar with at least three of the following

• • Windows disk and memory forensics
  • Network traffic analysis (netflow,pcap)
  • Log Analysis
  • Unix or Linux disk and memory forensics
  • Malware analysis – both static and dynamic 

• Relevant Industry Certifications:

• • GCFA
  • GCFE
  • GNFA
  • GREM
  • GCIH
  • GSE
  • E|CIH
  • CISSP
  • IRHP
  • CSIH
  • CIHE

Physical Demands and Work Environment :

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made. 

Job Tags

Similar Jobs