Cyber Threat Response Manager

Job Category: Cyber Threat Response Manager
Job Type: Full Time
Job Location: Bucharest

Scope of Responsibility:

The CSIRT team is responsible for the following tasks:

  • Identifying external threats through tool alerts and logs made available by the Cyber Systems and Cyber Defence teams;
  • Consuming and exploiting intelligence produced by the Cyber Threat intelligence team;
  • Reporting findings to network, regional, and local CISOs impacted by Cyber threats;
  • Providing tactical and strategic recommendations for preventative controls to the Cyber Defence and Vulnerability Management teams based upon incident response findings and trends in realized threat activity; and
  • Requesting custom development for analytics and SIEM enhancement from the Cyber Systems team.

Strategic and Technical Orientation / Job Content:

Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the Cyber pillar skills matrix:

  • Experience transitioning, maintaining, or using Security Technologies such as Security Incident and Event Management (SIEM), Endpoint protection, Data Loss Prevention, Forensic tools;
  • Understanding of security technology operational industry standards;
  • Experience contributing to a central technology service organization;
  • Navigating a matrix organization; and
  • Experience collaborating with multiple stakeholders across functional and technical skillsets.

Range of Impact:

  • A 3E Level employee possesses deep knowledge and direct professional experience in a specific subject matter area or technical domain that is applied in the context of a broader understanding of CSIRT and related systems and processes. The selected individual will contribute to the development of new technical domain subject matters. A 3E resolves multi-faceted problems by applying continuously significant independent judgment through collaborating with others, and influences others through a small team of direct reports, through work on projects and in teams, and/or through leading portions of larger projects
  • Consistently demonstrates extensive-level abilities in the Incident Response space from a managerial perspective;
  • Encourages improvement and innovation within Incident Response and nurturing and developing less-experienced staff through coaching and written/verbal feedback;
  • Build and maintain relationships across the network of firms to effectively deliver incident response activities on behalf of NIS; and
  • Executes tasks aligned to CSIRT with autonomy.

Education Level:

Required: High school diploma or G.E.D.

Preferred: Undergraduate Degree (e.g., BA, BS) in Information technology or related field of study and/or completed certifications involving cybersecurity

Experience Level:

4 – 6 Years’ of progressive professional roles involving information security and/or IT management.

Other Details:

An effective CSIRT candidate will also possess the following skills:

  • Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
  • Technical: Broad understanding of network protocols, operating systems, data storage, and how large enterprise employs these technologies. Ability to digest and apply knowledge – distributed global IT infrastructure. Knowledge of host and network forensic artefacts and analysis techniques. Understanding at a high level of attack techniques, toolkits, and infrastructure.
  • Business: High level understanding of our business model, service offerings, and business operating environment as it pertains to the firm’s threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
  • Threat landscape: Knowledge of how attack techniques are used in enterprise intrusions to gain entry, gain privilege, and ultimately accomplish a nefarious objective against a victim organization.
  • Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective Incident Response activities and processes in line with the cyber readiness program.

Percentage of travel time:


Apply for this position

Allowed Type(s): .pdf, .doc, .docx