Senior Incident Response Manager (Menlo Park, CA) #4262

Responsibilities

• Incident Response Leadership:
• Lead end-to-end incident response, from identification to containment, eradication, and recovery.
• Develop, maintain, and execute IR playbooks and runbooks aligned with NIST 800-61, CIS, and ISO 27001 standards.
• Oversee threat hunting activities to proactively identify vulnerabilities and threats.
• Security Monitoring & Detection:
• Manage SIEM platforms, intrusion detection systems, and anomaly detection tools for real-time analysis.
• Implement monitoring for hybrid environments (AWS, GCP, Azure, on-prem).
• Conduct regular threat analysis, vulnerability assessments, and risk evaluations.
• Collaboration with Platform Engineering Teams:
• Integrate security into CI/CD pipelines and DevSecOps processes.
• Work closely with DevOps and SRE to enhance infrastructure resilience, automation, and fault tolerance.
• Drive security improvements in container orchestration (Kubernetes, Docker) and infrastructure as code (Terraform, Ansible).
• Forensic Analysis & Reporting:
• Conduct forensic investigations on affected systems, collecting and preserving evidence.
• Produce executive-level incident reports and technical root-cause analyses.
• Present findings to senior leadership and stakeholders, highlighting risk mitigation strategies.
• Root Cause Analysis (RCA):
• Internal RCA: Lead comprehensive root cause analysis for all major incidents within internal systems and infrastructure, ensuring complete documentation and follow-up action items.
• Third-Party RCA: Collaborate with third-party vendors to perform joint RCAs, ensuring transparency, accountability, and timely resolution of incidents affecting shared infrastructure or services.
• Maintain RCA reports, track corrective actions, and enforce SLAs with third-party partners for incident resolution.
• Policy Development & Compliance:
• Design and enforce security policies and incident response procedures.
• Ensure alignment with compliance frameworks (NIST, HIPAA, CIS, SOC2, GDPR).
• Lead tabletop exercises and red team/blue team drills.
• Continuous Improvement & Automation:
• Identify opportunities for automation to improve incident detection and response time.
• Implement SOAR (Security Orchestration, Automation, and Response) platforms to optimize workflows.
• Stay current with evolving cybersecurity threats, technologies, and best practices.

Preferred Qualifications

• Education: 
• Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master's preferred) or equivalent
• Experience:
• 7+ years of experience in Incident Response, Cybersecurity Operations, or DevSecOps.
• Strong background in DevOps, SRE, and cloud security best practices.
• Proven expertise in SIEM tools (Splunk, Sentinel, Elastic), EDR (CrowdStrike), and IDS/IPS systems.
• Familiarity with Terraform, Ansible, VMWare, Kubernetes, and Docker in high-availability environments.
• Experience with threat intelligence platforms and SOC operations.
• Demonstrated experience in conducting and managing Root Cause Analysis (RCA) both internally and with third-party vendors.
• Certifications (highly preferred):
• CISSP, CISM, GCIA, GCIH, OSCP, or equivalent.
• AWS Certified Security Specialist, GCP Professional Cloud Security Engineer, or Azure Security Engineer.
• Technical Skills:
• Advanced scripting (Python, Bash, PowerShell).
• Familiarity with Zero Trust architecture and network segmentation.
• Experience with vulnerability scanners (Qualys, Nessus, OpenVAS).
• Soft Skills:
• Exceptional analytical and problem-solving abilities.
• Strong leadership and team collaboration skills.
• Effective communication with technical and non-technical stakeholders.