Cyber Incident Commander
Description:
Leading the future in luxury electric and mobility
At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.
We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.
Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.
Cyber Incident Commander
The Cyber Security & Compliance team is looking for an Incident Commander to join the team.
Responsibilities:
Lead incident response activities as per Lucid IRP (Incident Response Plan) including scoping, communication, reporting, and long-term remediation planning.
Define the incident management team's objectives and ensure cross department collaboration to fix incidents in a time-boxed fashion.
Manage the incident response teams by delegating responsibilities and ensure systematic functioning under pressure.
Structure, manage, and deliver briefings to CISO, Legal, upper management and other stakeholders
Plan and control communications when managing a major cyber incident. Set up communication channels, inviting the appropriate people into those channels during an incident, and train team members on best practices for not only incident management, but also communication during an incident.
Understanding types and contents of incident reports both during and post closure
Coordinate investigation, containment, and other response activities with business stakeholders and groups
Ensure detailed incident report documentation aligned to the IRP as required and ticketing.
Provide mentoring of junior staff and serve as point of escalation for higher severity incidents.
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.
Research, develop, and enhance content within SIEM, EDR, UEBA and other tools.
Provide technical leadership and conduct incident response engagements.
Enhance and maintain organization-wide cybersecurity monitoring capabilities, including logging, reviewing, and responding to alerts/issues.
Perform hands-on, sophisticated digital forensic, host-based or network analysis during an investigation.
Oversees the SIEM operations to facilitate configuration of proper alerts, notifications, and dashboards.
Manages the development and continuous improvement of security monitoring playbooks.
Oversees the collection of intelligence feeds from relevant sources (e.g., commercial, open-source feeds) and direct the integration with security monitoring and security information and event management (SIEM) systems.
Manages, reviews, and disseminates threat intelligence reports as requested.
Ensures appropriate identification and communication of vulnerabilities to applicable stakeholders.
Coordinates with relevant teams (e.g., Legal) to drive compliance with applicable regulatory requirements for security incidents.
Maintain incident management program documentation, including incident response runbooks.
Minimum Qualifications:
5+ years of leading information security incident response and coordinating incident response for critical cyber events.
5+ years of experience communicating risk and impact due to a cyber security incident and periodic updates to the CISO, Legal Counsel and upper management.
5+ years of experience working in a Cyber Security Operations Center (in-house or outsourced) or a cyber incident response team in a leadership role leading incident response as per the incident response plan (IRP).
5+ years of leading incident investigations and performing the role of incident commander / coordinator.
5+ years of collaborating with IT and Engineering stakeholders to drive incident response and remediation.
5+ years performing root cause analysis of recurring incidents and implementing lessons learned during an incident to help improve Lucid’s security maturity.
5+ years of driving incident response and incident handling processes.
5+ years of working with security tools such as SIEM, Analytics & Intelligence, Firewall/IDS/IPS, Intrusion Detection, Malware detection, Data Loss Protection, and Identity & Access Management
Preferred Qualifications:
Bachelors Degree
Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.
Understanding and technical knowledge of threat detection/security monitoring, security incident and threat intelligence, SOC
Relationship building skills.
Confident decision-makers with strong problem-solving skills.
Good listeners, well-versed in gathering, synthesizing, and prioritizing expert recommendations.
Strong communication skills
Experience working with a major cloud based or on-prem SIEM product (Splunk, ArcSight, QRadar, Sentinel, Securonix, LogRhythm, etc.)
Ability to work well in a demanding, dynamic environment, and meet overall objectives
Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel
Automobile and/or manufacturing industry experience is a plus
Problem-solving skills
The ability to make quick, confident decisions
Listening and synthesis skills
Leadership skills—the ability to take command in a high-stress situation.
Draft operational and executive-level reports on the incident management program
Measure and track key performance metrics for the detection/response and incident management program and implement strategies for improvement to better secure Lucid data and systems.
Participate in routine and periodic status meetings to convey status of recent investigations / experiences and risks.
Participate in process improvement and documentation review
Ability to stay up to date on current cyber threat landscape, cyber threat trends, threat actors/groups, and exploit campaigns.
Salary Range: The compensation range for this position is specific to the locations listed below and is the range Lucid reasonably and in good faith expects to pay for the position taking into account the wide variety of factors that are considered in making compensation decisions, including job-related knowledge; skillset; experience, education and training; certifications; and other relevant business and organizational factors.
Additional Compensation and Benefits: Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k. The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs. (Cash or equity incentive awards, if any, will depend on various factors, including, without limitation, individual and company performance.)
Base Pay Range (Annual)
$138,200—$202,620 USD
By Submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.
To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.