Remote Manager, Global Incident Response (Cyber Security) - Rh

57266
Position Summary
As the Global Incident Response Manager, you will lead the Global Incident Response (IR) team and cross-functional teams, responding to and neutralizing threats that pose a risk to the business. You will coordinate all cross-team collaboration, documentation, create and maintain relevant KPI´s, and develop runbooks/playbooks related to IR. You will work closely with the SOC/SIEM Managed Security Services Provider (MSSP) and internal service partners striving for continuous improvement.
Position Responsibilities May Include, But Not Limited To

• Oversee all people-management activities for direct reports, including establishing goals and providing mentorship for team members.
• Other projects or duties as assigned
• Participate in developing Purple Team activities to facilitate team and individual skill improvement, as well as improve security controls.
• Establish and build relationships with key stakeholders, suppliers, IT, and other departments to develop trust and gain support for ideas, proposals, or solutions to improve the organization’s security posture.
• Manage the IR team and MSSP personnel supporting IR functions.
• Respond to incidents and ensure all procedures are followed correctly to triage damage, mitigate risk to business operations, and coordinate actions and communications with both technical and business stakeholders
• Address security issues by taking a proactive approach with the data provided by the Threat Intelligence, Vulnerability Management, SOC, and Red teams to improve detection and response times.
• Identify weaknesses and strengths of security controls and work with IT to improve prevention, detection, and response capabilities.
• Review and update the Cyber Security Incident Response Plan (CSIRP) annually and on an as-needed basis.
• Drive IR continuous improvement through KPIs, operational metrics, high quality reports to technical and executive audiences, and Tabletop exercises.
• Advise and approve tuning recommendations within security products to reduce the number of false-positives and false-negatives.
• Design and engineer processes, procedures, and work instructions for all tasks related to IR and forensics.
• Operationalize a highly effective IR team through recruiting, training, and retaining talent.

Required Skills And Experience

• This position must pass a post-offer background and drug test.
• Strong interpersonal and communication skills, including the ability to interact and build trusting relationships at all levels of the company
• Experience creating reports to the Leadership as well as technical post-incident documents.
• Prior experience managing people in a large, matrixed organization, including recruiting, identifying, developing, and retaining talent
• Bachelor’s Degree in a technology related field OR 8+ years of experience in an information technology role in lieu of a Bachelor’s Degree.
• Travel – 15% - Occasional, based on team needs, training
• Ability to manage people, processes, and resources to meet strategic priorities
• Experience in Security Operations in a medium to large enterprise.
• Expertise building workflows and playbooks to facilitate the incident response process.
• Ability to lead and communicate change
• Possess strong interpersonal, prioritization, decision-making, and conflict resolution skills.
• Ability to hold self and others accountable to achieve results
• 3+ years of management experience leading team.
• 5+ years of experience in a hands-on incident response, threat hunting, or forensics role.

Preferred Skills And Experience

• Unix or Linux disk and memory forensics
• Host and network-based forensics in support of IR investigations. Master’s Degree or Graduate education in CyberSecurity.
• Relevant Industry Certifications:
• GCIH
• GCFA
• GSE
• E|CIH
• GCFE
• Desirable experience in leading Threat Intel, Threat Hunting, SOC and SIEM teams.
• Windows disk and memory forensics
• CIHE
• IRHP
• GREM
• Network traffic analysis (netflow,pcap)
• Malware analysis – both static and dynamic
• CSIH
• Log Analysis
• CISSP
• GNFA
• Familiar with at least three of the following

Physical Demands And Work Environment
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.
As an Equal Opportunity Employer, Reyes Holdings companies will recruit and select applicants for employment solely on the basis of their qualifications. Our Practices and Procedures, including those relating to wages, benefits, transfers, promotions, terminations and self-development opportunities, will be administered without regard to race, color, religion, sex, sexual orientation and gender identity, age, national origin, disability, or protected veteran status and all other classes protected by the Federal and State Government. Drug Free Employer.