Cyber Threat Incident Response Lead
Oakland, CA or Remote
*Can be 75% remote and 25% onsite (company paid travel) for the right candidate*
The Cyber Threat Incident Response Lead is responsible for security incident response at Company of California, including leading active security investigations, coordinating responses to security incidents, and performing forensics on IT systems. The Lead is a senior position on the team responsible for delivering the Security Threat Management, Digital Forensics, and Appropriate Use Risk Event Management services. That team predicts, detects, and responds to risk events corresponding to cyber security and acceptable use threats. Primary objectives for the role will be to minimize the impact of active security incidents through innovative approaches to incident response and to minimize the probability of security incidents through proactively improving our ability to prevent, detect, disrupt, investigate, respond to, and recover from those cyber risk events.
How you will make an impact:
- Lead incident response activities, including leading active investigations, coordinating response to security incidents, and performing forensics on IT systems.
- Coordinate with business continuity planning, disaster recovery, privacy, legal, law enforcement, IT, and other stakeholders in responding to and recovering from cyber security incidents.
- Build, maintain, and execute forensically sound procedures to gather and handle digital and/or physical evidence concerning incidents.
- Set standards for the documentation of activities during an incident, creation of security incident reports, and for conducting post-incident reviews.
- Establish templates and job aids for all stakeholders who may engage in the incident response process.
- Drive continuous improvement through active collaboration with threat simulation, vulnerability management, and security architecture teams.
What we are looking for:
- Spearhead the development of innovative approaches to detect, respond to, and eradicate advanced threats; improve overall time to respond and eliminate threats; and increase the effectiveness of analysts, including, but not limited to, integration of innovative methodologies to understand attacker behavior, adoption of ML to support decision analysis, and implementation of orchestration.
- Collaborate with other risk event management roles, including threat intelligence, platform engineering, event analysis, real-time forensics, and content development.
- Maintain core service documentation.
- Proactively identify service improvement opportunities.
- Mentor team members, junior and senior, in state-of-the-art incident response practices.