Manager, Incident Response & SOC

Manage the team and activities to focus on incident response and forensics. Provide both subject matter expertise and leadership to serve as the SME security events and incident investigations
Recommend and document specific countermeasures and mitigating controls
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Build Incident Response program including training and tabletop exercises
Establish policies and processes to have a 24/7 incident response and SOC capability
Utilize cutting edge technology to conduct large-scale investigations and examine host and network-based sources of evidence.
Monitors, analyzes, and investigates the SIEM solution and Endpoint Detection and Response events for Tier 1 (triage), Tier 2 (responder), and Tier 3 (hunting) support
Monitors security dashboard alerts to identify and respond to security events.
Monitors and communicates threat intelligence from various resources that is relevant to TripActions' systems.
Participates in the response to cyber incidents by gathering data and artifacts relevant to the event.
Supervise staff, provide feedback and coaching, and grow their technical and analytics skills
Improve TripActions business processes and incident response methodologies.

Qualifications

Bachelors Degree in Computer Science or Information Systems or related field or equivalent work experience
Minimum 8-10 years of information security experience
Minimum 3 years of management experience
Technical expertise in at least three of the following areas
Windows disk and memory forensics
Network Security Monitoring (NSM), network traffic analysis, and log analysis
Unix or Linux disk and memory forensics
Static and dynamic malware analysis
Applied knowledge in at least one Scripting or development language (such as Python)
Thorough understanding of enterprise security controls in cloud and MacOS environments