TripActions – Incident Response Lead

As an Incident Response (IR) Lead, you will be a hands-on incident responder actively investigating cases involving end points SaaS, public cloud, and hybrid environments. When not actively leading or participating in an incident, you will be threat hunting. Due to the nature of IR, we are looking for someone who is technically proficient and can effectively communicate with leadership, managers and individual contributors during an IR situation. In addition, you will be responsible for the strategic direction of the IR function, working closely with the Privacy and Legal teams.

Reporting into the Sr Manager, Detection & Response, the ideal candidate will be responsible for responding to security threats against our enterprise and production environments. This is a lead role, which is involved in all aspects of the incident response life cycle and the process of responding to a security incident. You will also help with detection engineering to improve logging coverage, security tools tuning, suggest ideas and contribute to the new signals development process and automation to detect and respond to threats automatically and at scale.

Your responsibilities:

• Manage investigations including organizing unstructured work and engaging resources across the company.
• Manage urgency and visibility to ensure timely response by all involved parties.
• Conduct IR analysis, network log and network PCAP analysis, and other investigation related activities in support of IR.
• Respond to critical incidents, threats, vulnerabilities and bring these issues to resolution.
• Communicate/coordinate with internal and 3rd party teams during high severity incidents.
• Orchestrate & conduct table-top exercises.
• Develop incident playbooks and repeatable methods for managing and responding to malicious activities across networks, systems, and products.
• Design, document, and implement IR processes, procedures, guidelines, and solutions.
• Deliver technical and executive level reports and metrics on IR issues.
• Work together with the Cyber Defense and Cyber Detect teams.
• Forensically analyze end user systems and servers found to have possible indicators of compromise.
• Identify security incidents through threat hunting operations within a SIEM and other relevant tools.
• Perform basic programming and script development in support of/as needed for IR