TPM, Corporate Security, Threat and Incident Response - remote
The Opportunity
We believe in a future for everyone. As we engage directly in our communities, we must work from a shared place of trust. We know that our communities care deeply about how information is collected, used, and shared, and so do we. So when CZI builds products, supports grantees, makes venture investments, and purchases services from third parties, we consider their privacy and security at every step of the process.
We’re seeking a Technical Program Manager, Threat and Incident Response for our Corporate Security team who will be responsible for overseeing our incident response tools and processes, covering proactive planning and prevention, as well as reactive detection and remediation. You will own the development of operational playbooks, oversee the incident response process, drive our Security Incident and Event Management (SIEM) technology, and ensure appropriate logging and monitoring across the organization’s infrastructure and applications. You will drive the critical steps of the incident response, and apply learnings toward our ability to be increasingly proactive in the future. We’ve set out to build a unique corporate security program by closely partnering our engineering, security, and IT teams together rather than relying on traditional blanket enterprise controls and rigid policies.
You will
- Incident Response Process – Own the critical process steps – detection, validation, containment, remediation, and communication – for computer-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
- Security Incident and Event Management (SIEM) – Drive our strategy for SIEM and oversee the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
- Triage – Respond to critical security incidents and lead escalations to close with response, containment and remediation.
- Security Operations Playbooks – Create, maintain and promote a set of security operation playbooks with CZI’s Central Tech teams to effectively trigger and execute the security incident response process.
- Logging and Monitoring Across Infrastructure & Applications – Manage the current state of logging and monitoring, maintain a vision of the ideal state of logging and monitoring, and drive a prioritized roadmap to reduce the gaps.
- Internal / External Engagements – Act as Information Security & Risk consultant to various IT and business-driven projects and operations.
You have
- 8+ years of information security experience within a forward-leaning enterprise-style environment, including familiarity with Incident Response and Zero-Trust concepts.
- Experience with detection technologies and methodologies.
- In-depth knowledge of SIEM and Log Management.
- Organized, methodical, and detail-oriented, with outstanding analytical and problem-solving skills.
- Strong collaboration skills, with demonstrated ability to interact and operate in complex cross-functional environments.
- Excellent verbal and written communication skills, with the ability to effectively communicate with a diverse set of audiences of varying backgrounds.
- Passion for understanding and researching vulnerabilities and exploitation techniques.
- Experience as an incident responder responsible for running large-scale incidents.
- Optional: Skill in malware analysis and reverse engineering.
CZI believes that vaccines are one of the most powerful tools to fight COVID-19 and save lives. It aligns to our mission and work to cure, manage, and prevent disease. Proof of completed COVID-19 vaccination will be required for all employees (with the exception of reasonable accommodations due to medical or religious beliefs). All applicants coming onsite to a CZI facility are required to show proof of COVID vaccination or take an onsite COVID test.