Information Security - Incident Response Lead

We’re always on the search for amazing people. People who have a real passion for what they do and are masters at their craft. We are looking for a Lead on our Incident Response team to join our Information Security (InfoSec) org at Elastic. The InfoSec team leads the strategy, policy, and programs for information security company-wide. Our responsibilities include risk management, implementing a holistic security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and handling incident response. We do all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.

• Do you thrive in navigating ambiguity, adapt quickly to a changing environment, and take a global view?
• Are you data driven and passionate about optimizing communications, process, and structure?
• Do you balance the big picture with day-to-day operational details to limit the impact of security events through innovative ways, improving the ability to prevent, detect, disrupt, investigate, respond, and recover?
• Are you a strong communicator who is a calm leader in a stressful situation, makes sound decisions with limited information, and embraces challenging the status quo?

This could be your dream job and we'd love to meet you!

What you will be doing:

• Define, implement, and lead a global Incident Response Program that maintains a continuous state of readiness and partnerships with key groups inside and outside Elastic
• Prepare to effectively handle security events, respond to incidents, develop response plans and playbooks, train key partners, automate wherever possible, and conduct exercises (including simulation) to test response plans
• Develop and apply incident handling processes, including preparation, identification, containment, eradication, and recovery, in a forensically sound manner
• Set standards for the documentation of activities during an event, creation of security event reports, and for conducting post-event reviews
• Partner in the development of innovative approaches to detect, respond to, and eradicate advanced threats and improve overall time to respond
• Identify the root cause of events and collaborate with teams to remediate any identified control gaps or failures
• Mentor team members across the company, junior and senior, in modern incident response practices
• Communicate at all levels of the company, including Executive level

What you've done:

• Specialized in incident response, leading communication and coordination of security containment and response activities
• Familiar with tactics, techniques, and procedures commonly employed by threat actors and their motivations
• Demonstrated ability to innovate and solve critical security problems
• Think strategically and tailor appropriate messages to different levels throughout the organization
• Extraordinary verbal and written communication skills, tailoring the context of the conversation to the audience in crisis situations
• Make decisions in a crisis with limited or incomplete information
• Have a working knowledge of NIST 800-53, ISO 27001/27002, PCI DSS, Sarbanes-Oxley, and SOC standards
• Experience with using the Elastic (ELK) stack is preferred
• Response related certifications, such as GCIH, are preferred
• BS/BA degree preferred