Security Incident Response Team Manager - London
London
Box
Box empowers your teams by making it easy to work with people inside and outside your organization, protect your valuable content, and connect all your apps.
- People leadership supporting a great team of security analysts and specialists.
- Maturing incident response processes.
- Working across multiple teams including engineering, legal, communications and technical operations.
- Ensuring logging health by identifying and remediating coverage gaps.
- Working with our threat intelligence, purple team and detection team to validate and remediate cyber security incidents.
- Support the Product Security Team by providing analysis of Bug Bounty reports and other product security issues.
- Building an incident response team roadmap.
- Experience working with Legal, HR, Compliance, Technical Operations in a SaaS or Large Enterprise Environment
- Proven track record as a tech lead or people manager with the ability to multi-task
- Bachelor's degree in a technical, engineering or IT related field or equivalent and 5+ years related experience (bonus points for Master's in a technical field)
- Industry-recognized security certifications such as Splunk certifications, CISSP, GCIA, GCIH, GREM
- Incident Response and Incident Investigation:
- macOS environments
- Container Security (Docker, Kubernetes)
- Endpoint Security (CrowdStrike, Endgame, CarbonBlack, osquery)
- Public Cloud Security (AWS, Microsoft Azure, Google Cloud, etc)
- On-premise IaaS Security (Kubernetes, OpenStack, VMware, Hyper-V, etc)
- Network IDS/IPS (Bro/Zeek, Suricata, Snort)
- Host-level Security using technologies like auditd, osquery, Linux system logs, Windows event logs, etc.
- Web Application Security (OWASP Top 10)
- Relentless automation (we have a pretty sweet SOAR platform and have a dedicated automation team).
- Scripting (Python, Bash, zsh, PowerShell, etc.)
- Security frameworks such as MITRE ATT&CK or the CIS Critical Security Controls
- Security Visualization and defining Security Metrics
- Advanced experience with Splunk, Splunk Search Processing Language (SPL), or other query languages
- Strong written and verbal communication skills
- Ability to de-escalate high-pressure situations, synthesize the big picture and rapidly and accurately communicate with both technical and non-technical stakeholders
- Passionate about supporting, leading and mentoring team with a track record of building highly effective teams
- Experience setting team OKRs and KPIs
- Experience securing cloud deployments involving AWS, Docker, HashiCorp tools, Kubernetes and serverless architectures such as AWS Lambda
- Prior work experience in DevOps, software engineering or systems administration roles
- Visualization and machine learning experience
- Prior experience working in a global environment
- Prior open source contributions
Tags: Application security Automation AWS Azure Bash CISSP Cloud Compliance DevOps Docker Endpoint security GCIA GCIH GCP GREM Hyper-V IaaS IDS Incident response IPS Kubernetes Lambda Linux Machine Learning MacOS MITRE ATT&CK Open Source OpenStack OWASP PowerShell Privacy Product security Python SaaS Scripting Snort SOAR Splunk Threat intelligence VMware Windows
Perks/benefits: Career development Fitness / gym Health care Lunch / meals Salary bonus