Manager, Incident Response

Over 100,000 businesses and millions of people use 1Password to protect their most important information, and we believe those people – and the companies they work for – shouldn’t have to choose between security and productivity. We see security as a human challenge, rather than a technological one. It’s hard work, but our mission has always been to ease the tension between security and convenience and help people navigate the digital world without fear or friction. Human-centric security is part of our DNA, but human-centricity is also the backbone of our culture. We encourage big ideas and new ways of working that help us to make the online world a safer place for everyone.
1Password has a long-standing commitment to customer privacy and security, and the Security Team is responsible for upholding this commitment. We are a passionate team that really cares about protecting our customers and we’re looking for someone that shares this passion.
We are looking for an inspiring leader who believes in working for a purpose-led organization, with proven experience and success in providing leadership, and supporting the development and growth of a team. This is a critical role, working to ensure the security and integrity of our systems and infrastructure; leading the Incident Response team, and guiding the evolution of the Incident Response program. You should thrive on inspiring people to want to do their best work, continue developing new skills, and succeed in a collaborative, rapid-growth environment. This role will engage with multiple teams cross-functionally, developing strong relationships across the company, being both a leader and advocate for security throughout the company.
In this role, you will be reporting to the Director of Security, leading and supporting a small team of Incident Response Analysts. You will oversee day to day operations of the Incident Response team, ensuring they have the support they need to constantly raise the bar for security in 1Password and the industry.
This is a remote opportunity within Canada and the United States.

What we're looking for:

• 7+ years of relevant work experience, including 2+ years of prior management experience
• Experience in a highly-distributed / remote work environment
• Experience developing and improving incident response, monitoring, and detection programs
• Experience with system and network monitoring tools
• Understanding of monitoring, detection, and response automation strategies
• Understanding of threat modeling, threat intelligence, and common attacks
• Ability to identify IOCs and implement detection and alerting
• Ability to perform log and system analysis to identify potential incidents
• Ability to server as a subject matter expert when working with various teams
• Ability to identify and implement mitigating controls and countermeasures
• Detailed knowledge of AWS, and the unique opportunities and challenges it provides
• Bonus points for experience with Lacework and similar systems
• Ability to develop custom tools or integrations in a scripting language such as Python is a huge plus

What you can expect:

• Identify opportunities to improve detection and monitoring capabilities, and design solutions to address them
• Assist in updating and developing policies and procedures
• Investigate potential incidents to determine cause, as well as triage and respond to actual incidents
• Work with developers, DevOps, IT, and other teams to improve monitoring capabilities, perform root cause analysis, and develop mitigation plans
• Support a small team of Incident Response Analysts, providing mentorship, guidance, and oversight

What we offer:
We believe in working hard, and resting hard. We’re always looking for new ways to support our team members, but here’s a glance at what we currently offer:
Health and wellbeing> 👶 Maternity and parental leave top up programs> 👟 Wellness spending account> 🏝 Generous PTO policy > 💖 Company-wide wellness days off scheduled throughout the year > 🧠 Complimentary Headspace membership> 🩺 Comprehensive health coverage
 Growth and future > 📈 Employee stock option program for all full time employees > 💸 Retirement matching program> 💡 Training budget, 1Password University access, and learning sessions > 🔑 Free 1Password account (and friends and family discount!) > 🏦 A You Need A Budget membership
Flexibility and community> 🤝 Paid volunteer days > 🌎 Employee-led DEI&B programs and ERGs> 🏠 Fully remote environment> 🏆 Peer-to-peer recognition through Bonusly
You belong here.
1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.
Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at nextbit@agilebits.com and we’ll work to meet your needs.
Candidate Privacy Notice
When you apply for a position, refer a candidate, or are being considered for a role at AgileBits, Inc. (dba 1Password, 1Password, we, us, or our), your information is stored in Lever, in accordance with Lever's Service Privacy Notice. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background.
Candidates may also optionally choose to self-identify their race/ethnicity, gender identity, sexual orientation, age, and disability. These answers will help us evaluate our diversity and belonging efforts. You do not have to answer these questions—your answers will not be linked to your name or job application, will not be visible to the hiring manager reviewing your application, and will in no way affect your job application. If you have any questions about the collection or use of this information, please contact [dpo@1password.com].
When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how we use or process your information, or if you would like to ask to access, correct, or delete your information, please contact our privacy team at [dpo@1password.com] or through 1Password Support.