Security Operations Incident Manager
Location: Austin, Texas, US
Additional Location(s): Chicago, IL
Area of Interest: Engineer - Software
Who You Are
- The Security Operations and Incident Response Manager is responsible for running a best-in-class security operation to monitor and respond to security threats and events. You will be in charge of building out the tooling, alerting and tuning, ensuring the right data is being logged, and guiding and training engineers to monitor all security incidents. You will also make sure there is a senior incident response team who can help manage and resolve all levels of events. This person will also be responsible for driving all security incidents to closure and communicating with management, stakeholders and customers.
- Prior experience working in a fast-paced environment and attention to detail are key. Familiarity with current information security threat landscape and available threat intelligence sources is necessary, as is previous experience working in incident response or security operations. Position requires collaboration with other team members in a Security Operations Center environment.
- A self-motivated individual who is dedicated to exceeding expectations, is willing to contribute to team efforts and possesses strong communication skills, in addition to possessing the following technical abilities:
- Serve as the leader of SOC/IR focused on building and maintaining systems that allow us to operate securely at scale by collecting, analyzing, and alerting on anomalous activity
- Monitoring for suspicious activity, investigating, and responding appropriately while identifying security weaknesses and ensuring reasonable resolution timelines
- Think strategically about security improvements and help oversee delivery
- Build relationships with other teams to influence positive security change
- Support and empower ownership within the teams of the full lifecycle, quality, and provability of our security controls from creation to operation
- Drive innovation across our security stack
- Regularly evaluate our environment, capabilities, and processes through table-top and real-world testing
- Bring all our security relevant data together to allow for full situational awareness
- Good interpersonal communication skills and a willingness to work with remote teams.
- Efficient and Creative: You should be able to think creatively to find the optimal solution to problems.
What you’ll do:
- Strong project management experience
- Proven track record of leading Detection and Response (D&R), CSIRT, Vulnerability Management, Security Engineering.
- 10+ years of experience in security, with 5 or more of those years spent in management roles
- Experience working at scale in a rapidly growing environment with an "automate all the things" approach
- Strong ability to get key points across via text in the form of design docs, emails, communications, etc.
- Experience designing, implementing and troubleshooting network security for enterprise customers
- Experience in managing Customer relationships
- Analyzing complex and/or sensitive events detected in Cloud (AWS) environments
- Resolving or escalating the event as appropriate, providing feedback into our threat detection platforms and processes in order to increase the detection fidelity and accuracy of our defense solutions
- Provide guidance to SaaSOps & SecOps engineers and be the go-to person for all critical issues.
- Maintain strong customer rapport and excellent timely communication.
- Drive department best practices, guideline implementation and adherence to standards.
- Experience building and maintaining ITIL methodology.
- Expert level understanding of the TCP/IP protocol suite
- System administrator-level expertise in multi-user operating systems including multiple UNIX variants and Microsoft Windows
- Knowledge of both host and network-level forensics using AWS Security Services (IAM, GuardDuty, Security Hub, etc.) and Cisco Stealthwatch Cloud (as examples)
- Experience analyzing malware using COTS or open-source technologies
Good to have
- AWS Certified Security – Specialty
- ITIL Certifications
- Program Management
Who you'll work with:
- The CX SaaS & SoC Operations, part of CX Engineering, seeks a highly motivated Security Incident Manager to join some of the industry's brightest minds in supporting the platform and CX Applications that are being built and planned. You will work with the CX Applications and CX Platform teams to make sure we provide world-class support for the best customer experience. This is a critical role that requires us to work with various other organizations outside of CX.
- #WeAreCisco, where each person is unrivaled, but we bring our talents to work as a team and make a difference. Here’s how we do it.
- We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. A blockchain company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!
- But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
- Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take ambitious steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.
- So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.