Two Sigma is seeking a highly experienced and hands-on leader who will own our incident detection and response work, including owning and managing enhancements to incident response playbooks and the overall program. This person will be responsible for testing incident response plans and processes to address existing and emerging threats. We are looking for someone that has been a technical lead or manager with a technically advanced information security team in the past. Ideally, the candidate would have an innovative and creative approach to problem solving, and will introduce new ideas and technical concepts that will help integrate this function within the framework of overall information security architecture.
- Previous technical mentorship and people management of a team of 2+ direct reports
- Experience forming and proposing detection and response strategy and architecture
- Hands-on work improving log sourcing, enrichment, and alerting
- Hands-on work as lead incident handler
- Hands-on work building tools using Python, bash, SQL, Powershell, web apps (i.e. Flask) for aggregating and reviewing security events, managing detection/logging platforms (such as OSQuery)
- Design and champion initiatives to increase network and application visibility, as necessary, to enable efficient and effective security monitoring.
- Maintain strong working relationships with Engineering groups and relevant business to maintain situational awareness of potential risks to the business.
- Collaborate with Security Engineering and act as a security stakeholder regarding how security-relevant technologies across the company are deployed and managed.
- Lead the team in developing utility-grade tools that automate the functions of threat detection, incident response and other relevant functions wherever possible.
- Coordinate response activities in partnership with other Engineering and business teams during major or high profile incidents.
- Act in an advisory capacity and as a liaison for other Engineering and business teams during third party incidents.
- Partnership with other Security and Engineering teams to maintain data safety while using cloud services – G Suite and production data analysis platforms in AWS and GCP
- Planning and executing technical work to prepare appropriate facilities for detection and response capability on cloud platforms
- Managing data exfiltration risk across internal and cloud environments, while enabling the business
- Managing forensics and Red Team functions to deliver a complete detection and response service cycle: design detection mechanisms, operate effective event review processes, execute incident response protocol, provide technical investigation/forensics for deep analysis, remediate the threat, and deliver feedback for improvement to IT management and into the detection infrastructure.