Company: Wabtec Corporation

Address: Pittsburgh, PA
Form of work: Full-Time
Category: Information Technology

Job description

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company's new website at: http://www.WabtecCorp.com.
It's not just about your career... or your job title...it's about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters...do things that haven't been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.
Summary
You are an information security professional excited by the opportunity to be part of the team that's designing and building a Security Operations program from the ground up. You will be responsible for handling the entire lifecycle of security incidents from detection to resolution and root cause analysis. You will also develop, implement, and maintain standard documents, policies, and playbooks. In this role you will be responsible for handling and escalating security incidents and owning critical security projects.
You will act as a leader in the Enterprise Information Security organization, identifying emerging threats and taking or recommending appropriate actions to mitigate these risks. You will identify and measure key KPIs to track the risks and effectiveness of the Cyber Incident Response program. You will help lead the US Incident Response team by training team members on threat analysis, hunting, and Incident Response processes.
Duties and Responsibilities:
In this role, you will:

  • Leverage extensive experience in threat analysis, detection, hunting, forensics, and/or Incident Response.
  • Lead, coordinate, and manage 24/7/365 incident monitoring, detection, and response using both internal resources and an industry leading MSSP.
  • Ensure that all project milestones and goals are met and adhere to approved timelines.
  • Build a threat hunting program and strategy that will mature existing IR capabilities across the company.
  • Integrate disparate tools, playbooks, and procedures into a consolidated operating model, including leading or overseeing SIEM and SOAR implementation, BAS Simulations, and WAF development.
  • Scope, coordinate, and execute tabletop exercises.
  • Lead a team with diverse experience levels and technical capabilities.
  • Mentor and train junior team members in threat analysis, threat hunting, Incident Response, and other domains.

Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
  • Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
  • Excellent communication skills with the ability to manage joint response and remediation efforts and constructively influence peers and leadership.
  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience.
  • People focused, with a passion and drive to work on an experienced team of intelligence analysts.
  • 1+ years of management or supervisory experience.
  • Experienced using SIEM (Splunk) and capable of performing threat hunting.
  • Experienced in conducting malware analysis.

Knowledge, Skills and Abilities:
  • Understanding of and "hands on keyboard" experience in any of the following: Digital Forensics & Investigative Response (DFIR), threat intelligence, penetration testing, or security research.
  • Ability to code as needed to solve problems and automate workflows; Python, Terraform, Chef, PowerShell.
  • Hands-on experience with popular Incident Response and orchestration tools.
  • Drive the design, build, implementation, and compliance monitoring of security controls.
  • Professional, coherent understanding of sophisticated threat actors and their TTPs, including MITRE framework.
  • Direct hands-on experience deploying/evading one or more network security monitoring technologies, including Snort, FortiGate etc.
  • Experience deploying/evading host-based detection tools.
  • CISSP, CEH, OSCP, or related SANS certifications preferred.
  • Effective project management skills.
  • Strong people management skills - providing direction, monitoring performance, motivating staff, and building a positive working environment.
  • Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
  • Must be willing to work weekends/off-shift hours, as needed during incidents.

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
  • Employee is required to work on a computer for up to 8 hours per day.
  • Employee may be in a sitting position for several hours per day.
  • Employee must be able to read small text on computer screens/monitors.
  • Employee is regularly required to talk and hear.

Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)
  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions. The employee is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Wabtec Corporation is committed to taking on the world's toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles...people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.
Refer code: 7443233. Wabtec Corporation - The previous day - 2023-12-27 15:26
