PSIRT Security Incident Manager - Pure Storage Mountain View, California, United States Bookmark Share Print 380 0 0

Listing Description

 


SHOULD YOU ACCEPT THIS CHALLENGE.....


Pure Storage (PSIRT) Security Incident Manager is responsible for scoring / re-scoring security vulnerabilities, working closely with security engineering to identify final attribution for fix/risk mitigation of security vulnerabilities, working cross functionally across teams to document and publish security advisories as required.   


A successful candidate will have demonstrated experience in the lifecycle of a security vulnerability investigation, through to eventual CVE publishing if required.


This role entails a high level of cross functional engagement.  A successful candidate will be task driven, very focused on task completion.  In addition to responsibilities relating to security vulnerability investigation, a successful candidate will also engage in identifying and leading implementation of improvements with Produce Security Incident Response.  


As a senior role within CX, a PSIRT Security Incident Manager will also lead company wide efforts in conjunction with other CX, Engineering, Legal, PR Sales resources to coordinate Pure’s response to industry wide security vulnerabilities.


 


PSIRT Security Incident Manager will:



  • Promptly assemble and lead a cross-functional team to engage/ mitigate security incidents

  • Own resolution(s) on executive-level customer and product escalations relating to security 

  • Drive communication with senior-level client stakeholders on a business as well at a technical level



Job Responsibilities will include:  



  • Act as the customer advocate in managing security risks, ensuring issues are prioritized and remediated at an appropriate velocity, and escalate to senior leadership as needed

  • Lead security initiatives and serve as the central point of contact for Pure Storage Engineering, QA, Product Management to own coordination of actions associated with internally and externally identified vulnerabilities

  • Collaborate with Product Engineering to prioritize resolution to security vulnerability exploits; program manage Product Security Vulnerability fix and integration (release roadmap/ and communications); document/publish internal/external messaging to communicate the status of fix/integration details to Pure Executive leadership (Estaff)

  • Communicate quickly and effectively with engineers, various stakeholders, and customers about security issues as well as author technical documentation on security issues (i.e. mitigations and fixes) in a clear and easy-to-understand manner

  • Drive post mortem and lessons learned on all systemic security incidents/ vulnerabilities, which may include a full follow-through,  documentation, and implementation of all associated corrective actions  

  • Execute work against long-term goals and initiatives to support Pure Storage overall security posture and roadmap


 

WHAT YOU NEED TO BRING TO THE TEAM


  • Strong people and project management skills with a minimum of 12 years of experience supporting Fortune 500 companies, preferably in Enterprise storage, virtualization, networking, or Enterprise applications industry

  • 7+ years of Critical Incident Management experience with the ability to work in a highly-matrixed environment  

  • Bachelor’s degree required; equivalent experience considered

  • Able to multitask, influence, negotiate, and delegate with a strong sense of urgency and accountability

  • Manage crisis situations outside of normal working hours as needed 

  • Dedication to understanding cause and effect- ability to unravel complicated problem statements and work with cross-functional teams to determine required areas of improvement

  • Ability to create policies and processes where they do not exist, develop and implement governance where required, and bring order where there is complexity and uncertainty. 

  • Adapt to change and effectively organize work according to business priorities


Technical Skills:




  • Specific technical and business problem knowledge in one or more of the following areas:





    • Vendor ecosystem knowledge




    • Enterprise Cyber Risk Management




    • Security Strategy and Governance




    • Regulatory Compliance services (FCA, PRA, GDPR)




    • Security Framework (NIST, ISO27001, Cyber Essentials, etc.)




    • Threat Intelligence Services





  • Certifications - hold an industry-recognized certification such as CISM, CISSP, CRISC, or equivalent




The annual base salary range is: $95,000 - $204,000. Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. This role may be eligible for incentive pay and/or equity. And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information.






 



Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Useful Links

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765

requests@ninjajobs.org
www.ninjajobs.org
Chat with us!