Director Information Security - Incident Response
Posted on Jun 3, 2022 by Request Technology - Robyn Honquest
Director of Information Security
SALARY: $150K -$190K flex to $250k plus 20% bonus and stock
This will focus over cyber incident response team 1 direct report with 8-10 people also manage another 30 people with the MSP all SIEM Splunk SECOPS Case Management detection work Cases management playbook tuning alerts 24/7
As part of the Enterprise Security leadership team, the position will lead, manage, and grow a team that focuses on a global cyber security operations center and incident response program
You will report to the Chief Information Security Officer.
Lead, manage and mature the people, process, and technologies present in a 24x7 global security operations center.
Collaborate with stakeholders such as Disaster Recovery and Business Continuity to support security larger initiatives, assessments, and resilience testing.
Develop and direct the Enterprise Incident Response Program ensuring continuous maturity.
Define and maintain dashboards and metrics that support Incident Response Program and Cyber Security Operation Center maturity efforts.
Provide cyber security briefings, status updates, and consultancy to various audiences, including technical and executive leadership teams.
Leverage the incident response program to conduct cyber table-top simulations and educational sessions with stakeholders
Provide leadership for incident response investigations, coordinate response activity, and brief senior leaders while maintaining the confidentiality
Develop and mentor staff through open communication, training and development opportunities, and performance management processes; build and maintain a high-performing team through employee morale and motivation.
5 to 7 years. of People Management Experience
10+ years. of Experience working in Enterprise Security
Crisis management skills and the ability to manage relationships and communication channels.
Advanced critical thinking and decision-making ability, able to explain and defend a complex decision point.
Demonstrated ability to communicate complex subjects regarding strategic and tactical incident response processes to stakeholders of varying technical levels.
In-depth experience leading security incident response processes in the cloud, virtualized, and on-prem environments.
Thought leader in security engineering and operations delivery - driving visibility, automation, analytics, and advanced threat analysis.
Extensive and direct experience in high-pressure situations managing and responding to complex technical cyber security incidents.
Proven skills in various elements of incident response, including but not limited to computer intrusion investigations and digital forensics in enterprise environments.
Understanding current and emerging threats and associated countermeasures by establishing solid relationships with cyber threat teams and vendors. This includes directing a team on managing, maintaining, and increasing visibility into the organization and applying threat intelligence to proactively mitigate risk.
- Security Operations role or cyber incident response role conducting in depth investigations using internal telemetry data and open-source information to determine whether a given system or user has been compromised is required
- Working with traditional security tools, not limited to, SIEM, AV, EDR, SOAR, IDS/IPS, DLP, etc.
- IT work experience required with a broad exposure to infrastructure/network and multi-platform environments is required
- Hands-on working experience of most common operating systems including but not limited to Windows Server, Windows 10, UNIX/Linux, Apple OX, Android, iOS environments are required
- Hands-on working knowledge and experience with Splunk is required
- Splunk certifications are a plus
- Cloud Platform technologies (AWS, GCP, Azure, O365) is required
- Experience with integration between Incident Management Systems (SOAR) and SIEM in an enterprise environment is a plus
- Experience with the forensic and incident response process, reverse engineering malware and red teaming is a plus
- Experience of standard business processes including change management, problem management, work prioritization, quality assurance, and continuous improvement best practices, etc. is a plus
- Security certifications (SANS, ISC2, SEI, CFE) are a plus
- Experience with audit support and response, regulatory compliance SOX and PCI-DSS is a plus
- Higher education (Bachelor's, Masters', etc.) are a plus.