Security Incident Response Team (SIRT) Manager

London, UK

Full Time
Box logo
Box
Apply now Apply later

Posted 1 week ago

WHAT IS BOX?   Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organisations to accelerate their digital transformation by creating a single platform for secure content management, collaboration and workflow. We have an amazing opportunity to further establish ourselves as leaders in the space, and we need strong advocates to help us achieve that goal.    By joining Box, you will have the unique opportunity to help capture a majority of this developing market and define what content management looks like for the digital enterprise. Today, Box powers over 98,000 businesses, including 70% of the Fortune 500 who trust Box to manage their content in the cloud.    WHY BOX NEEDS YOU?    Box is growing fast. Real fast. Every business in the world is looking to modernise the way that they work. As the leader in cloud content management, Box is the only company that can help enterprises transform how people work together.    As Box is scaling at a rapid pace, with innovation and speed comes interesting security challenges. Our customers demand world class security.  We need your creativity, technical expertise, and leadership skills to help us tackle these challenges.     WHO YOU ARE?    You have a bachelor's degree in a technical engineering or IT related field or equivalent and 5+ years related management experience.   General Role Experience - if you're hitting several bullets, please apply: People oriented role that can align multiple stakeholders of differing disciplines.
  • Experience working with Legal, HR, Compliance, Technical Operations in a SaaS or Large Enterprise Environment.
  • Proven track record as a tech lead or people manager.
  • Bachelor's degree in a technical, engineering or IT related field or equivalent and 5+ years related experience (bonus points for Master's in a technical field).
  • Industry Recognized Security Certifications like Splunk Certifications, CISSP, GCIA, GCIH, GREM.
  Experience and demonstrated knowledge in a few of the following roles and technologies (these are a few of the potential things you'll be working on):  
  • Incident Response and Incident investigation:
      • MacOS Environments
      • Container Security (Docker, Kubernetes).
      • Endpoint Security (Crowdstrike, Endgame, CarbonBlack, OSQuery)
      • Public Cloud Security (AWS, Microsoft Azure, Google Cloud, etc).
      • On-premise IaaS Security (Kubernetes, OpenStack, VMware, hyper-V, etc).
      • Network IDS/IPS (Bro, Surricata, snort).
      • Host-level Security using technologies like auditd, osquery, Linux system logs, Windows event logs, etc.
      • Web Application Security (OWASP Top 10).
    • Relentless automation (we just acquired a pretty sweet SOAR platform and have a dedicated automation team).
    • Scripting (python, bash, zsh, powershell, etc).
    • Formal security models like MITRE ATT&CK or CIS Critical Security Controls. 
    • Security Visualization and defining Security Metrics.
 
  • Advanced experience with Splunk, Splunk Processing Language (SPL), or other query languages.
  • Strong management skills with the ability to multi-task
  • Strong written and verbal communication skills 
  • Ability to de-escalate high-pressure situations, synthesize the big picture and be able to rapidly\accurately communicate with both technical and non-technical stakeholders
  • Relentless automation (we just acquired a pretty sweet SOAR platform and have a dedicated automation team).
  • Passionate about supporting, leading and mentoring team with a track record of building highly effective teams
  • Experience of setting team OKR's and KPI's.
  • Security Visualization and defining Security Metrics.
  Nice to have:
  • Industry Recognized Security Certifications like CISSP, CEH, GCIA, GCIH
  • Experience securing cloud deployments involving AWS, Docker, Hashicorp tools, Kubernetes and Serverless architectures like Lambda  
  • Prior work experiences in dev ops, software engineering or sys admin roles
  • Visualization and machine learning experience
  • Prior experience working in a global environment
  • Prior open source contributions
  BENEFITS   Box Benefits package includes pension, medical and dental coverage. We have a robust wellness program including 25 days of vacation (plus your birthday off!) and subsidised gym membership. There is such a thing as a free lunch, our in-house chef prepares this daily along with lots of snacks and drinks. EMEA HQ office is located in the impressive White Collar Factory on Old Street; www.whitecollarfactor.com, European offices in Paris and Munich.   EQUAL OPPORTUNITY    We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   For details on how we protect your information when you apply, please see our Personnel Privacy Notice.   #LI-EMEA
Job tags: Automation AWS Azure CEH CISSP Docker GCIH Google IaaS IDS Incident response IPS Lambda Linux Machine Learning Open Source Python SaaS Splunk Windows