Manager, Incident Response & SOC
We are looking for a manager to build and lead a team of security engineers and analysts investigating security events and incidents. Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? TripActions is looking for our Manager, Incident Response & SOC who has a combination of hands-on technical skills, strong leadership abilities, and an eagerness to build a world-class team. Our Managers must be comfortable leading teams on challenging projects, communicating with different stakeholders, providing hands-on assistance with incident response activities, and creating and presenting high-quality deliverables.
Responsible for security operations center engineering activities that monitor, detect, and alert on potential security threats and vulnerabilities, including user-centric threats (e.g., phishing attacks, endpoint protection events, authentication/syslog events, etc.). Works closely with other groups as security threats and vulnerabilities are detected and coordinates the response to contain and mitigate the threat to our network and assets. Coordinates the incident response process for the security operations center and communicates event status to leadership.
Responsibilities:
- Manage the team and its activities with a focus on incident response and forensics. Provide both subject matter expertise and leadership, serving as the SME for security events and incident investigations
- Recommend and document specific countermeasures and mitigating controls
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Build Incident Response program including training and tabletop exercises
- Establish policies and processes to have a 24/7 incident response and SOC capability
- Utilize cutting-edge technology to conduct large-scale investigations and examine host- and network-based sources of evidence
- Monitor, analyze, and investigate SIEM and Endpoint Detection and Response (EDR) events, covering Tier 1 (triage), Tier 2 (responder), and Tier 3 (hunting) support
- Monitor security dashboard alerts to identify and respond to security events
- Monitor and communicate threat intelligence from various sources that is relevant to TripActions’ systems
- Participate in the response to cyber incidents by gathering data and artifacts relevant to the event
- Supervise staff, provide feedback and coaching, and grow their technical and analytics skills
- Improve TripActions’ business processes and incident response methodologies
Qualifications
- Bachelor's Degree in Computer Science or Information Systems or related field or equivalent work experience
- Minimum 8-10 years of information security experience
- Minimum 3 years of management experience
- Technical expertise in at least three of the following areas:
  - Windows disk and memory forensics
  - Network Security Monitoring (NSM), network traffic analysis, and log analysis
  - Unix or Linux disk and memory forensics
  - Static and dynamic malware analysis
- Applied knowledge in at least one scripting or development language (such as Python)
- Thorough understanding of enterprise security controls in cloud and macOS environments
- Must be eligible to work in the US without sponsorship
Additional Qualifications:
- Ability to leverage project management skills to effectively budget, scope, and execute programs
- Ability to manage multiple activities and investigations concurrently and manage them against SLAs
- Ability to lead a team of highly technical security professionals
- Botnet and Denial of Service detection and remediation
- Ethical hacking and penetration testing
- Security Information and Event Management (SIEM)
- Endpoint Detection and Response (EDR)
- One or more security certifications (CISSP, GIAC, CISM, CEH, etc.)