SHOULD YOU ACCEPT THIS CHALLENGE...
The Pure Storage (PSIRT) Security Incident Manager is responsible for scoring and re-scoring security vulnerabilities, working closely with security engineering to identify final attribution for the fix or risk mitigation of security vulnerabilities, and working cross-functionally across teams to document and publish security advisories as required.
A successful candidate will have demonstrated experience in the lifecycle of a security vulnerability investigation, through to eventual CVE publishing if required.
This role entails a high level of cross-functional engagement. A successful candidate will be task-driven and very focused on task completion. In addition to responsibilities relating to security vulnerability investigation, a successful candidate will also engage in identifying and leading implementation of improvements within Product Security Incident Response.
As a senior role within CX, a PSIRT Security Incident Manager will also lead company-wide efforts in conjunction with other CX, Engineering, Legal, PR, and Sales resources to coordinate Pure’s response to industry-wide security vulnerabilities.
PSIRT Security Incident Manager will:
- Promptly assemble and lead a cross-functional team to engage and mitigate security incidents
- Own resolution(s) on executive-level customer and product escalations relating to security
- Drive communication with senior-level client stakeholders on a business as well as a technical level
Job Responsibilities will include:
- Act as the customer advocate in managing security risks, ensuring issues are prioritized and remediated at an appropriate velocity, and escalate to senior leadership as needed
- Lead security initiatives and serve as the central point of contact for Pure Storage Engineering, QA, Product Management to own coordination of actions associated with internally and externally identified vulnerabilities
- Collaborate with Product Engineering to prioritize resolution to security vulnerability exploits; program manage Product Security Vulnerability fix and integration (release roadmap and communications); document and publish internal/external messaging to communicate the status of fix/integration details to Pure Executive leadership (Estaff)
- Communicate quickly and effectively with engineers, various stakeholders, and customers about security issues as well as author technical documentation on security issues (i.e. mitigations and fixes) in a clear and easy-to-understand manner
- Drive post-mortems and lessons learned on all systemic security incidents/vulnerabilities, which may include a full follow-through, documentation, and implementation of all associated corrective actions
- Execute work against long-term goals and initiatives to support Pure Storage overall security posture and roadmap
- Strong people and project management skills with a minimum of 12 years of experience supporting Fortune 500 companies, preferably in Enterprise storage, virtualization, networking, or Enterprise applications industry
- 7+ years of Critical Incident Management experience with the ability to work in a highly-matrixed environment
- Bachelor’s degree required; equivalent experience considered
- Able to multitask, influence, negotiate, and delegate with a strong sense of urgency and accountability
- Manage crisis situations outside of normal working hours as needed
- Dedication to understanding cause and effect: ability to unravel complicated problem statements and work with cross-functional teams to determine required areas of improvement
- Ability to create policies and processes where they do not exist, develop and implement governance where required, and bring order where there is complexity and uncertainty.
- Adapt to change and effectively organize work according to business priorities
Specific technical and business problem knowledge in one or more of the following areas:
- Vendor ecosystem knowledge
- Enterprise Cyber Risk Management
- Security Strategy and Governance
- Regulatory Compliance services (FCA, PRA, GDPR)
- Security Framework (NIST, ISO27001, Cyber Essentials, etc.)
- Threat Intelligence Services
Certifications - hold an industry-recognized certification such as CISM, CISSP, CRISC, or equivalent
The annual base salary range is: $95,000 - $204,000. Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. This role may be eligible for incentive pay and/or equity. And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information.