Security Incident Response Manager

Bellevue, WA, United States
Main Location
Bellevue, WA, United States
Open jobs

The Incident Response Manager (IRM) will provide oversight for coordination, communication, and reporting of all major information security incidents.

The IRM will be engaged with the scoped incidents as soon as the issue is detected/ticket created by security response team and will notify proper audience via the established process to immediately open bridge line and engage crucial areas. As the incident progresses, the IRM ensures appropriate notes of status and decision points are documented, along with reaching out to additional areas to engage as necessary The IRM will also participate in required meetings, activities to discuss incidents and facilitate discussion around trends and early warning indicators. The IRM will work closely with organization leadership to effectively maintain and mature the security program.


  • Owns and manages the revision and enhancement of the Incident response playbook and program.
  • Serves as the incident commander for major or high-profile incidents including validating and advancing incidents, coordinating response, facilitating information sharing and conducting reporting
  • Assist with providing strategic guidance on and tracking of tools/visibility/capabilities gaps affecting Expedia Group information security posture
  • Responsible for maintaining the incident response capability which includes setting incident response strategy for the full incident response lifecycle
  • Serves as liaison between technical response and the business to minimize the impact of an incident and maintain business operations
  • Ensures alignment to the Expedia Group Incident Response Playbook and Enterprise Incident Management plan
  • Coordinates response activities in partnership with Brand Security Liaisons and other appropriate teams for high priority incidents
  • Coordinates and directs efforts among the SIRT throughout the incident response lifecycle
  • Provides timely and relevant updates to appropriate executive partners and decision makers
  • Conducts after action reporting and provides meaningful insights to guide improvements and adjustments to Expedia Group’s information security posture
  • Tests and maintains incident response plans and processes to address existing and emerging threats
  • Maintains strong working relationships with cyber fusion functions to maintain situational awareness of potential risks to the Expedia Group environment
  • Organizes, conducts and maintains documentation for executive and targeted functional table-top exercises
  • Maintains incident response retainers and provides coordination of these third parties when activated
  • Acts in an advisory capacity and as a liaison for third party incidents
  • Leads special projects related to the Enterprise Risk & Security team and company’s response program
  • Participation in after-hours incidents when required

Technical experience:

  • 7+ years of experience in information security incident handling and/or security operations
  • Experience with large scale and complex incidents of all types to include APT, DDOS, insider, web and mobile applications, data ex filtration etc.
  • Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and root causes
  • A broad and deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments
  • Knowledge of technologies, systems and networks as well as typical gaps that could impact the ability of an organization to effectively detect and respond to cyber attacks
  • Demonstrated knowledge of common adversary tactics, techniques, and procedures
  • Strong foundational knowledge in information technology, to include hardware, networking, architecture, protocols, files systems and operating systems.
  • Bachelor's degree in Information Technology, related discipline or relevant work experience
  • Relevant Technical Security Certifications (ECIH GIAC, CISSP, SSCP, CISM, EC-Council, Offensive Security, etc.) a plus

Soft and organizational skills:

  • An ability to work well under pressure while maintaining a professional image and approach
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • An understanding of business needs and dedication to delivering high-quality, prompt, and efficient service to the business
  • Strong decision-making capabilities, with a validated ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their perspectives, plans, or behaviors
  • A team-focused mentality with the validated ability to work effectively with diverse partners
  • Strong interpersonal skills with proven ability to manage multiple high visibility issues at a time
  • Can-do attitude, seeking for improvement opportunities which can positively impact the security posture and the business
Help us maintain the quality of jobs posted on PowerToFly. Let us know if this job is closed.
We're a community of women leveraging our connections into top companies to help underrepresented women get the roles they've always deserved. Simultaneously, we work to build truly inclusive hiring processes and environments where women can thrive and not just survive.
Are you hiring? Join our platform for diversifiying your team