Cybereason gives organizations the upper hand by taking an entirely new approach to cybersecurity with AI Hunting, the first AI-powered technology that answers the question “Am I under attack?” proactively, without manual effort.

We are a company that wins as one. We are daring, always evolving, and never give up. Most importantly we accept our employees for who they are and embrace people that may not fit the typical mold #UBU.

Cybereason's Global Security Practice team operates as the highest escalation tier in the Cybereason services organization. This team provides high-touch, consultancy engagements for the Cybereason customers in need. The team works with various parts of the company including: the product engineering, SOC, threat research and marketing team. 

The Director, Incident Response - AMER will lead a team responsible for handling major security incidents and developing state of the art tools in the DFIR area. Experience in security incident management and response is a must, as well as experience in managing teams in the cybersecurity space.

• Provide leadership, coaching and mentoring to staff
• Oversee the continued creation, maintenance, and improvement of the Incident Response Team, Program, and Tools
• Interface with c-suite level customers on a routine basis
• Prioritize and manage personnel assignments to ensure KPIs are met
• Regular engagement with other security teams and Security Practices teams in Japan, APAC, EMEA, and Americas 
• Regular engagement with Sales, Product, R&D, and other stakeholders on field trends, feedback, issues, and opportunities
• Proactive interaction with leadership to voice concerns, issues, or propose better solutions
• Ensure personnel process adherence and audit process completion
• Collect, Analyze, and Act on Operational Metrics and KPIs
• Develop and maintain methodology and framework of Operational Metrics, KPIs, and Incident Response process
• Deliver IR-related technical and non-technical presentations to internal and external audiences

What We're Looking For:

• Proven experience in leading Incident Response teams 
• 8+ years of direct experience in high pressure situations managing and responding to complex technical cyber security incidents.
• Experience with log parsing and data analytics platforms
• Good knowledge and understanding of Windows and Linux operating systems
• Good security knowledge of common enterprise technology such as Active Directory, Web Applications, Databases, and Systems Management
• Good knowledge of different cybersecurity frameworks and best practices
• Superb oral and written communication skills - emphasis on technical writing and customer communication

Advantage skills

Candidate with at least one of the following skills is likely to have an advantage: 

• Strong experience working with EDR
• Experience in practical use of Jupyter Notebook and Python for data analytics
• Capable of overseeing technical work and mentoring technical staff