Back to Job Search

Lead CSIRT Engineer

  • Location: San Francisco, CA, 94103
  • Salary: 0.0
  • Job Type:Contract

Posted 29 days ago

  • Job Ref: 187779

Title: Lead CSIRT Engineer

Type: Contract - 6+ Months

Location: San Francisco, CA; Seattle, WA

Our client, a vacation rental online marketplace company, is seeking a Lead CSIRT Engineer. The Computer Security Incident Response Team (CSIRT) is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity. While the team is not new, they are now increasing scope.

This is a key technical leadership role to define and execute the client's vision for threat detection and incident response capabilities and process while mentoring other team members. As a lead, you will have direct impact building, optimizing, and growing securing capabilities as you help deliver world-class threat detection and incident response.

Top 5 Daily Tasks and Responsibilities:

  • Investigation & Response: Perform investigations of security incidents using your knowledge and understanding of digital forensic artifacts, log data analysis and/or developing automation for investigation & response capabilities that scale.  
  • Incident Handling: Coordinate and drive resolution on a diverse range of incidents as part of an on-call team. Analyze root causes, trends and systematic issues.
  • Detection Engineering: Create and automate threat detection and hunting based on indicators observed during incident response or from other threat intelligence.
  • Technical Leadership: Help define and execute strategy for threat detection and incident response.  
  • Influence & Communication: Collaborate well with cross-functional partner teams, such as Legal, Privacy, and Engineering for efficient, large-scale response.
  • Top 3-5 Technologies Required: Prior experience in technical and leadership roles within Security and incident response teams. This should include experience with the following
    • Experience with Host/Cloud Forensics (AWS)
    • Incident management
    • Threat Intelligence
    • Threat hunting
    • Security Detection.  
  • The ideal candidate will have experience in helping to build out or improve processes/efficiencies/automate process within security - ideally related to threat detection and incident response.