Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual's passions, growth, wellbeing and belonging. We're a technology company that leads with our humanity, driving our business priorities alongside meaningful social, community, and societal impact.
Why Ciena:
- We are big proponents of life-work integration and provide the flexibility and tools to make it a reality with remote work and potentially, part-time work.
- We believe an inclusive, diverse, and barrier-free work environment makes for empowered and committed employees.
- We recognize the importance of well-being and offer programs and benefits to support and sustain the mental and physical health of our employees and their families and also offer a variety of paid family leave programs.
- We are committed to employee development, offering tuition reimbursement and a variety of in-house learning and mentorship opportunities.
- We know that financial security is important. We offer competitive salaries and incentive programs, RSUs (job level specific) and an employee share option purchase program.
- We realize time away to recharge is important. We offer flexible paid time off!
- Great work deserves recognition. We have a robust recognition program, with ongoing and enhanced awards for exemplary performance.
How You Will Contribute:
Reporting to Senior Director, Cyber Security, as the Director of Incident Response, you will play a pivotal role in building and shaping the strategic direction, capabilities, and maturity of Ciena's global Security Incident Response function, along with providing tactical oversight and execution. You will provide strong leadership, mentoring, and development of Ciena's global Security Incident Response Team (SIRT), by bringing your hands-on IR, technical, and leadership experience to bear. As the Director of Incident Response, you will manage the global SIRT, develop and implement response strategies, drive and enhance the capabilities of our Extended Security Incident Response Team (ESIRT), and coordinate with the Security Operations Center. You will conduct post-incident analysis, oversee forensic investigations, and collaborate with various teams for a coordinated response and continuous improvement. You will coordinate closely with Ciena's Cyber Threat Intelligence (CTI) and Legal elements to remain up to date with cybersecurity threats and relevant law and regulations, along with conducting regular training exercises to maintain and drive Ciena's effective Incident Response capabilities. You will also leverage Ciena's CTI capabilities to regularly conduct threat hunts.
- Provide leadership and management: You will be responsible for providing leadership and guidance for Ciena's enterprise-wide global 24/7 Security Incident Response Team (SIRT), ensuring optimal performance and swift response times. Additionally, you will be responsible for growing, leading, and managing the SIRT, ensuring they are well-coordinated, efficient, and effective in responding to security incidents.
- Lead the Incident Response team: As the Director of Incident Response, you will be responsible for managing the incident response team, ensuring that they are well-coordinated, efficient, and effective in responding to security incidents.
- Develop, maintain, and implement incident response plans, policies, and procedures: You will create and update comprehensive incident response strategies that outline how to handle security incidents. This includes preparing for and identifying potential security breaches, outlining steps for containment, eradication, and recovery, generating lessons learned for continuous improvement, and defining incident-related communication protocols.
- Synchronize incident detection and response functions: You will ensure seamless coordination among the SOC, Security Incident Response, and Extended Security Incident Response Team (ESIRT) functions to detect and respond to security events and incidents promptly. This collaboration will focus on the proactive sharing of information about potential threats and coordinating actions to mitigate risks to ensure business and system resilience across Ciena and its partners.
- Provide guidance and leadership in forensic investigations: In the event of a security incident, you will oversee the forensic investigation, providing technical expertise and leadership to ensure a thorough and accurate investigation.
- Conduct post-incident analysis: After a security incident, you will lead the analysis to determine the root cause, assess the impact, identify the lessons learned, and suggest improvements to systems and processes to prevent similar incidents in the future.
- Subject Matter Expert: You will serve as a subject matter expert on all aspects of Incident Response, including investigative procedures, forensic acquisition methods, incident response and other response techniques.
- Collaborate with other teams and stakeholders: Effective incident response requires collaboration across the global organization. You will work with various internal teams, including IT, Legal, Public Relations, and Business Units, to ensure a coordinated response to incidents. You will also be the primary point of contact for Ciena's external IR-related partners.
- Stay updated on the latest cybersecurity threats and trends: You will keep abreast of new security threats, vulnerabilities, and industry trends to ensure that the incident response strategy is up-to-date and effective.
- Conduct regular training and simulation exercises: To ensure that the incident response team is always ready to respond to security incidents, you will organize regular training sessions and simulations.
- Ensure Continuous Improvement: You will ensure the continued growth of capabilities and maturity of the SIRT, through the development and implementation of existing and new metric reporting and scorecards, along with the development and implementation of project plans and roadmaps to measure progress, effectiveness, and efficiency. Additionally, you will establish performance goals and priorities to ensure the team is working towards the same objectives.
- Effectively Communicate and Build Relationships: You will regularly brief Senior Leadership, business partners and team members through engaging and informative verbal and written presentations. You will build and maintain robust and enduring relationships with internal and external partners to ensure Ciena's resilience.
What Does Ciena Expect of You?
- Initiative - you're a self-starter who works with limited direction and is committed to delivering against aggressive deadlines.
- A customer first mentality - what's important to the customer is also important to you.
- Agility - with an ability to flex between the strategic and tactical, you manage competing and ever-changing priorities and maintain a balanced and methodical approach to problem solving.
- Communication expertise - you possess the ability to tailor your message and ideas to the audience to ensure understanding and consensus.
- The flexibility to work independently and as part of a broader team - you thrive in a team environment, are comfortable working independently, and know how to get things done in a virtual environment.
- Relationship builder - with a proven ability to influence at all levels, you're able to quickly develop trusted connections and get work done through others.
- A commitment to innovation - you keep abreast of competitive developments and are always keen to formulate new ideas and problem solve.
The Must Haves:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Proficiency and hands-on experience with Incident Response tools, protocols, and analysis techniques is crucial. This includes knowledge of Endpoint Detection and Response (EDR) tools; network and memory forensics; deep understanding of network protocols and network traffic analysis; familiarity with packet capture analysis; experience with log and SIEM analysis to detect malicious activity; proficiency in cloud platforms and their security tools and the ability to handle cloud-specific events and incidents; knowledge of zero trust and secure architectures; and knowledge of how Artificial Intelligence (AI) and Machine Learning (ML) are used in threat detection and response.
- Experience as an Incident Commander, or similar role.
- Ability to create detailed and clear incident reports for technical and non-technical stakeholders.
- Must have a deep understanding of cybersecurity principles, including knowledge of threats, vulnerabilities, and risk management. Should be familiar with various types of attacks, such as ransomware, malware, phishing, and DDoS attacks, and how to respond to them.
- A thorough understanding of incident response procedures is crucial. This includes knowledge of how to identify an incident, assess its impact, contain it, eradicate the threat, recover from it, and conduct a post-incident lessons learned review.
- Should have knowledge of digital forensics to investigate security incidents. This includes understanding how to preserve evidence, analyze system logs, and conduct root cause analysis.
- Should be aware of the legal and compliance aspects related to cybersecurity. This includes understanding domestic and international data privacy laws, regulations, rules, etc., such as GDPR, CIRCIA 2022, or SEC Disclosure Rules, along with reporting requirements for security incidents.
- Should have a solid understanding of network and system architecture, including knowledge of operating systems, databases, and network protocols. This knowledge is crucial for identifying vulnerabilities and understanding how a threat could impact the system.
- Should stay updated on the latest cybersecurity threats and trends. This includes understanding emerging threats, new types of malware, and the latest hacking techniques.
- A working knowledge of cybersecurity frameworks like ISO 27001, NIST Cyber Security Framework (CSF), MITRE ATT&CK/D3FEND, CIS, etc. is necessary for setting up and maintaining security protocols.
- The ability to perform risk assessments and implement mitigation strategies is important for this role.
- Experience in developing and implementing disaster recovery plans to ensure business continuity in the event of a security breach is beneficial.
- Understanding of network protocols, network devices, multiple operating systems, and secure architectures.
- Hands-on experience, particularly in a leadership role, is critical for understanding the complexities and challenges of managing security incidents.
Good To Have:
- A relevant Master's Degree or industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or GIAC Incident Handler (GCIH), demonstrate a high level of expertise in information security and incident management and are highly desirable, but not required.
At Ciena, we are committed to building and fostering an environment in which our employees feel respected, valued, and heard. Ciena values the diversity of its workforce and respects its employees as individuals. We do not tolerate any form of discrimination.
Ciena is an Equal Opportunity Employer, including disability and protected veteran status.
If contacted in relation to a job opportunity, please advise Ciena of any accommodation measures you may require.