Computer Security Incident Response Team (CSIRT) manger THE COMPANY Trusted by more than 240,000 businesses worldwide, Magento Commerce is the leading provider of open omnichannel innovation to retailers, brands and branded manufacturers across retail B2C and B2B industries. In addition to its flagship open source eCommerce platform, Magento Commerce boasts a strong portfolio of cloud-based omnichannel solutions empowering merchants to successfully integrate digital and physical shopping experiences. With over $50B in gross merchandise volume transacted on the platform, Magento Commerce is the dominant provider to the Internet Retailer Top 1000, counting more than double the clients to the next closest competitor, and to the Internet Retailer Hot 100. Magento Commerce is supported by a vast global network of solution and technology partners, a highly active global developer community and the largest eCommerce marketplace for extensions available for download on the Magento Marketplace.
Magento is looking for a Computer Security Incident Response Team (CSIRT) Manager with industry experience to manage and maintain our CSIRT program. The CSIRT manager is responsible for the investigation and reporting of product security incidents for all Magento product lines. As a member of Magento’s security team, you will lead the security incident research and remediation process coordinating across Marketing, Communications, Product Development, Security, IT, Legal, and other appropriate business units. The CSIRT Manager is responsible for working information security incidents to full resolution from incident identification through incident resolution. The CSIRT Manager will to contribute to a highly visible security operations function with accountability for managing internal and external security incidents. Responsibilities include:
- Lead security incidents according to the Product Security Incident Response Policy.
- Coordinate the CSIRT efforts across multiple business units during response.
- Provide timely and relevant updates to appropriate stakeholders and decision makers.
- Provide investigation findings to relevant business units to help improve Magento’s security posture.
- Validate and maintain the incident response plan and processes used to address potential threats.
- Compile and analyze data for management reporting and metrics.
- Monitor information security related Web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (SANS NewsBites, etc.) to stay up to date on current attacks and trends.
- Analyze potential impact of new threats and exploits and communicate risks to relevant business units.
- Three or more years of practical experience in an incident response role
- Advanced knowledge of information systems security concepts and technologies; SIEM technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; malware remediation; and computer forensic tools such as EnCase and open source alternatives
- Familiarity with security regulatory requirements and standards (such as PCI, HIPPA, FFIEC, etc.)
- Advanced knowledge and experience with the Linux operating system
- Working knowledge of and experience in investigating malicious code
- Demonstrated ability to apply technical and analytical skills in a security environment
- Ability to work extremely well under pressure while maintaining a professional image and approach
- Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
- Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
- Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to a variety of audiences
- Advanced skills to present information to stakeholders and/or decision makers in an effective and professional deliverable
WORKING FOR MAGENTO We offer a fun, open, social environment with a high degree of autonomy. You must thrive in a fast moving company and adapt to change quickly. If you are an experienced security engineer and willing to push the boundaries of your knowledge and drive your career forward, we want to hear from you soon and Magento will reward you well for your talents! Learn more about us at www.magento.com.
- Bachelor’s degree in management information systems, computer science, or related discipline is required.
- Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical technical backgrounds will also be considered.
- SANS GCIH or GCFA, SANS GCIA certification(s) are preferred but not required.