POSITION TITLE: Cybersecurity Lead, Incident Response & SOC

POSITION LOCATION: San Carlos, CA

POSITION SUMMARY:

The Cybersecurity Lead, Incident Response & SOC is responsible for monitoring and response to all Information Security incidents (potential & actual).This role will also take critical responsibilities in attack surface management and related vulnerability testing and remediation.

PRIMARY RESPONSIBILITIES:

• Lead with with high sense of urgency, operate, scale, and optimize InfoSec Incident response, security operation, and vulnerability management capabilitiesManage security incidents proactively, including threats monitoring, hunting, identification and acting on anomalous activity based on improvement in processes, tools and techniques

• Lead and perform end-to-end incident response for all types of security events

• Perform detailed analysis and risk evaluation of incidents, vulnerabilities, attack vectors, attack surfaces and detection avoidance tactics

• Work with senior executives, regulatory authorities, and law enforcement as needed

• Manage the day-to-day operation of the SOC and attack surface management collaborating with other team members. Work with stakeholders to timely remediate vulnerabilities

• Constantly strive to improve earlier detection, response, and recovery operations by conducting a lesson learned exercise and communicating with Senior Management in IT and business

• Ensure appropriate evidence handling and chain of custody for security incidents

• Develop & enhance appropriate incident & vulnerability management dashboards in SIEM & and other tools to be able to report regularly on Vulnerability Risk and Security Incidents on an ongoing basis

• Monitor external event sources for emerging vulnerabilities, threats and attack scenarios and influence/assist the other Information Security, Engineering, and IT teams to build appropriate controls to combat these threats

• Lead Incident Response reporting to meet regulatory and compliance requirements

• Collaborate with external Threat Intelligence sources to stay ahead of the threats before they can potentially impact Natera

• Up-to-date knowledge on IR tools

• Establish and maintain excellent working relationships/partnerships with the broader IT organization and business units

QUALIFICATIONS:

• B.S. in Computer Science or related field, or equivalent experience

• Minimum of 10 years of technical & operational cybersecurity experience, which includes a minimum of 5+ years of specific experience in large enterprise cybersecurity IR, security operations, tools and processes

• Technically sound. Be able to accurately deep dive and investigate cybersecurity incidents under pressure. Deep experience in communicating cyber incidents precisely and professionally.  Muscle memory to execute with a strong sense of urgency. Be flexible to work off hours when needed. 

• Solid Incident Response experiences in complex, large enterprise environment

• Expert experiences in handling incident response to meet compliance requirements, such as HIPAA, SEC, NIST, etc.

• Current Industry certificates:  PNSE, CEH, Security+, CCNA/CCNP, CISSP, etc. preferred

KNOWLEDGE, SKILLS, AND ABILITIES:

• Excellent written and verbal communication skills; ability to convey security concepts to non-technical audiences (e.g. senior and executive management, internal customers)

• Recent experience with the AWS and Google security stack 

• Knowledge of operating systems (UNIX/Linux, MacOS X and Windows) and of database management systems (Oracle, SQL Server, etc.)

• Experience with Security Event Information Management systems (SIEM), and Log Aggregation systems

• Experience with Security Vulnerability Management tools

• Experience with virtualization and cloud-based (AWS) networks

• Capable of performing network forensics and ability to read packet captures

• Experience with both Open Source and COTS Security Monitoring & Incident Response Tools