Threat And Incident Response Manager

Airbnb, Inc. San Francisco, CA 94118

Posted 2 months ago

We are looking for an experienced Manager to lead and manage our Threat Intelligence and Incident Response (TIR) team and help protect the company. This team is one of the two groups in the Computer Security and Incident Response Team (CSIRT). As Threat and Incident Response Manager, you will work with Incident Response Analysts to lead large-scale, cross-functional projects throughout the organization as well as manage incident and threat response efforts.

You will be managing the following team:

  • Threat Intelligence and Response puts heavy emphasis on automation and high-fidelity rules with enough context to be triaged via a mobile application. They work on translating raw intelligence from public and commercial threat reports into actionable detection rules that focus on TTPs. They utilize MITRE's ATT&CK framework to reason about breadth, depth and areas for improvement. They carefully reason about what they are uniquely positioned to do and where they can leverage industry partners and vendors.


For more details, see our Job Description for Threat Intelligence and Response engineers here.

Relevant Experience:

  • People Development: You have multiple years of experience in people management. You are an effective career coach and can provide mentorship and feedback. You enjoy investing in your teammates and developing career progression plans with them, helping them reach their highest potential.

  • Team Development: You are an effective leader who focuses on efficiency and delivering on expectations. You play an active role in identifying and recruiting junior and senior candidates. You understand when to get your hands dirty and contribute and when to delegate and grow your teammates.

  • Technical Leadership: You have experience in developing and communicating strategies that team(s) execute on. You don't wait for things to happen to you; you make things happen. You have multiple years of experience in detecting and responding to attacks. You can quickly discern between false positives, true positives, broad crimeware attacks, and APT attacks, and you know the most effective ways of dealing with the swaths of risks and threats that face a business. Since this is a small team, you're capable of strong individual contributions.

  • Influence & Communication: You have strong written and verbal communication skills. You can dive into the details with engineers but also speak at the appropriate altitude when working with other organizations and leaders. You have empathy and seek to understand when communicating. This enables you to effectively identify the best path forward and influence how you approach a problem, as well as how other teams may prioritize supporting your work.

Areas of future and continued investment:

  • Data science, analytics, machine learning

  • Host, container, and network instrumentation

  • Big Data, ETL, AWS Athena

  • Serverless Technologies including AWS Lambda and AWS Kinesis

The following are skills and experiences that are relevant to us:

  • Experience with AWS (Lambda, Kinesis, S3, SNS, SQS, EC2, ...)
  • Experience in software development (Python, Ruby, Golang, Java, C/C++)
  • Familiar with version control (Git / Mercurial / SVN)
  • Familiar with Logging infrastructure (Syslog, Fluentd, Logstash)
  • A desire to dive into Big Data, Data Science, Analytics, Machine Learning


  • Stock

  • Competitive salaries

  • Quarterly employee travel coupon

  • Paid time off

  • Medical, dental, & vision insurance

  • Life insurance and disability benefits

  • Fitness Discounts

  • 401K

  • Flexible Spending Accounts

  • Apple equipment

  • Commuter Subsidies

  • Community Involvement (4 hours per month to give back to the community)

  • Company sponsored tech talks and happy hours

  • Much more...
