Incident Response Manager

Houston, TX, United States

MatchPoint Solutions

MatchPoint Solutions helps you buck transient tech trends for a Digital Transformation that timelessly delivers unmatched efficiencies.


Job Description

Job Title: Incident Response Manager

Location: Bay Area, CA or Houston, TX

Duration: 1 year, contract-to-hire (CTH)

As the Incident Response Manager, you'll be responsible for managing the security incident response team. You must have knowledge across multiple IT and Information Security concepts to respond to cyber security threats swiftly and succinctly. You will be in command of multiple major incidents, coordinating and leading the necessary people and technologies through the incident lifecycle. You are results-oriented and can work with a high degree of resilience, integrity, responsibility, attention to detail and execution. You will also be in charge of communicating during and after the incident, conveying clear, concise messages to technical and non-technical stakeholders in accordance with the communication strategy. You have a keen ability to anticipate obstacles and questions, aiming to posture the Incident Response team proactively where possible, and you will have the agility to maneuver within the complexities associated with regulations, policies and procedures.

What This Role Will Do:

  • Act as Incident Manager for cyber security related incidents, including directing and managing activities related to the Incident Response Process.
  • Work closely with various InfoSec teams to proactively prepare for, detect, and mitigate cyber threats utilizing industry information security best practices.
  • Be accountable for new process documentation, documentation updates, and continuous improvement activities as they relate to the Incident Response and communications processes.
  • Own and manage the Incident Response Team's internal action playbooks and knowledgebase, ensuring they are kept up-to-date and relevant to the changing cyber landscape.
  • Plan, organize and strategize responses to incidents and obtain useful forensic information from the evidence submitted, taking into consideration the requirements of agency regulations, federal and state laws and company policies as they apply.
  • Drive incidents to resolution while ensuring timely communications in accordance with the Communication Strategy.
  • Conduct Lessons Learned briefings and use the findings to update processes, provide reports, close security gaps, and hand off tuning and monitoring actions to the appropriate team.
  • Manage career development for team members, including training and mentoring, conducting performance reviews and exhibiting behaviors to be modeled by team members.
  • Plan and manage projects and delegated tasks as assigned by Leadership.
  • Research and stay current on the latest trends, best practices, and technology developments.

What This Person Will Bring:

  • Understanding of major cyber security incident practices and how to analyze and use data gathered during the investigation to aid in the decision-making process
  • The ability to translate technical information into easily interpreted content for non-technical personnel
  • Experience managing small- and large-scale incidents that include members from technical, external and executive teams
  • Practical understanding of incident response, knowing when to apply in-depth investigations and determining what data to collect at the various levels
  • Understanding of digital forensic collection
  • Understanding of network forensic analysis, in real time or historically, to assist with incident scoping of adversary activity and data discovery through packet captures
  • Practical application of digital forensic investigative processes
  • Understanding of malware identification and analysis
  • Experience running containment and remediation playbooks
  • Ability to identify opportunities to collect additional evidence based on the existing security tools within the network architecture
  • Working knowledge of security best practices and common threats associated with cloud computing
  • Ability to perform data analysis against large datasets, utilizing various techniques to identify correlations across multiple data types, including structured and unstructured data, in order to identify adversary activity
  • Ability to track incidents from beginning to end with clear and well-organized documentation and provide high-level summary analysis to leadership during and after an incident

Qualifications:

  • 7+ years of Information Technology management experience
  • 7+ years of Information Security experience
  • BA/BS in Computer Science, Information Security, or Information Systems, or equivalent related work experience
  • Experience working in an enterprise environment and managing a wide range of security tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, etc.
  • Understanding of security threats, vulnerabilities, and incident response
  • Basic understanding of electronic discovery and analysis, including legal requirements
  • Technical knowledge of Windows and Unix/Linux based operating systems
  • Strong writing and communication skills
  • Experience communicating and presenting to executives
  • Strong organizational, multi-tasking, and time-management skills
  • Must be willing to be available outside of normal operating hours in the event of an incident scenario
  • Must be willing to work non-traditional hours, which may occur over weekends and holidays, in support of incidents as needed
  • Exceptional ability to remain calm under stress

Additional Information

All your information will be kept confidential according to EEO guidelines.

Tags: Cloud Computer Science Encryption Firewalls IDS Incident response IPS Linux Malware Monitoring Strategy UNIX Vulnerabilities Windows

Perks/benefits: Career development

Region: North America
Country: United States