Senior Manager, Cybersecurity Incident Response Team (geico)

GEICO is seeking an experienced Senior Manager with a passion for helping to defend and protect our business, brands, and customers from cybersecurity threats. You will be responsible for managing GEICO’s Cybersecurity Operations Center (SOC) and for leading your team in responding to and mitigating cybersecurity threats, including containing and eradicating adversarial threats on information systems and networks. You will build and manage a team of forensic engineers and investigators, and work as part of GEICO’s Cyber Fusion Center to drive the transformation of GEICO’s cybersecurity program. 

Position Description:

​Our Senior Manager will have a broad understanding of technology, attack and defensive techniques, and incident command, and demonstrated experience in leading teams to hunt for cybersecurity threats across systems and networks, investigate and forensically analyze and assess suspicious security events, and respond to contain and eradicate confirmed threats. They will be data-driven and seek to apply an engineering mindset to the problems of scale, automation and effectiveness, and look to continually assess and improve the efficiency and effectiveness of their team’s response. They will work closely with other Cyber Fusion Center leaders to deliver on our vision for a unified, common operating picture that merges threat intelligence, security telemetry, behavioral analytics, and other signals into clear, actionable intelligence and business insights that drive timely and effective response, blocking threat vectors before harm can occur, and ensuring timely mitigation and recovery when it does occur.

Position Responsibilities  

​​As a Senior Manager, you will:  

• Apply your technical expertise to lead your team in building and maintaining GEICO’s Cybersecurity Incident Response Team (CSIRT) – our Security Operations Center (SOC). 

• Lead the CSIRT team to detect, investigate, and mitigate cybersecurity threats to closure, and provide actionable business insights to business, engineering, security, and support teams as a result of learnings from these. 

• Identify and address issues where technical or analytical skill, or capability gaps, would likely put future response effectiveness at risk. 

• Collaborate with Cyber Fusion Center partner teams to understand challenges of response operations, performance, and resiliency; formulating strategies to address issues in a sustainable way. 

• Define, report and meet measurable metrics that are focused on continuously improving efficiency, effectiveness, and timeliness of response, and present detailed and implementable plans for areas to improve response. 

• ​Facilitate an inclusive and mutually supportive team culture that encourages team members to share knowledge, perspectives, and learn new technologies. 

• Support, assess, and grow the performance of your team members; fostering relationships within your team to create a culture of trust that positively motivates them to achieve more for themselves, GEICO, and our customers. 

• Motivate and coach others – especially your team and peers – to be receptive to feedback that encourages them to personally and professionally grow from their experiences (i.e. “growth mindset”). 

• Be a visible and inclusive thought leader in cybersecurity detection and response. 

• This is a critical support position and requires a high degree of on-call availability outside of normal business hours. 

Qualifications:

• ​​8+ years of experience in leadership positions. 

• 5+ years’ experience supervising and leading cybersecurity response teams within a 24x7 Security Operations Center (SOC) or similar. 

• 5+ years’ experience with incident response and digital forensics, including substantial experience in threat hunting or threat intelligence. 

• 5+ experience in operating and working within security response operations systems, such as SIEM and SOAR systems, and using metrics to understand challenges and to drive durable improvements in response effectiveness and efficiencies. 

• Demonstrated experience in leading an incident team through the incident lifecycle to closure and after-action review. 

• Demonstrated experience in coaching and mentoring engineers and analysts for improved performance and team dynamics 

• Knowledge of cloud computing technologies and concepts (Saas, Paas, IaaS, etc.), and infrastructure functions including network, distributed compute, storage, and server infrastructure, etc. 

• Knowledge of business continuity, disaster recovery, and resiliency. 

• Demonstrated ability to work under pressure and make decisions in challenging situations, along with critical thinking, judgement, and problem-solving skills. 

• Demonstrated high level written and oral communication skills.