Information Security Manager (Incident Response)

Information Security Manager (Incident Response)

The Cybersecurity Manager, specializing in Incident Response and Forensics, leverages knowledge of advanced cyber threats, attacker methodologies, and security technologies to proactively identify and neutralize complex threats within the enterprise environment. This specialist remains informed about emerging technologies and recommends strategic directions. A strong understanding of security best practices, excellent analytical and problem-solving skills, and the ability to work both independently and collaboratively within a team are essential for this role. The Senior Cybersecurity Specialist plays a crucial part in protecting our organization's digital assets and ensuring a robust security posture.

• Performs strategic assessments to understand the current capabilities and future security needs of the enterprise. Recognizes and evaluates business security risks while defining appropriate risk-mitigating controls and technologies.
• Takes a primary role in investigating and responding to complex security incidents identified through threat-hunting activities, including containment, eradication, and recovery efforts.
• Presents incident details and findings to senior management.
• Based on insights from threat hunting, recommends and drives the implementation of new or enhanced security controls and technologies to mitigate identified vulnerabilities and improve the organizations defense capabilities.
• Provides technical leadership, guidance, and mentorship to junior threat hunters, fostering their professional development and enhancing the teams overall capabilities.
• Defines the scope, objectives, and methodologies for threat-hunting engagements based on threat intelligence, business risk, and asset criticality. Oversees the planning, execution, and reporting of threat-hunting activities to ensure the efficient and effective identification of potential threats.
• Identifies new and alternative approaches for implementing and managing security activities. Provides security consultation and implements appropriate controls to minimize the risk of potential revenue loss, missed business opportunities, or competitive disadvantages resulting from malicious attacks, accidental data corruption, or unauthorized access to sensitive company or customer information assets.
• Maintains relationships with and consults industry-leading Information Security Associations, companies, and forums to stay updated on the latest technology and process advancements through education. Manages security trends and evaluates their effects on the CLS architecture and the security protection landscape.
• Provides tier-three subject matter expert (SME) escalation support to the Service Desk for information security issues. This includes maintaining historical information, making adjustments, compiling statistics to enhance performance, and developing performance metrics.
• Ensures that projects are selected based on key criteria and are diligent in selecting the most valuable projects within resource and budget constraints. Has the capability to request funding for larger projects, document the program, and present improvements to senior management for approval.
• Prepares clear and concise reports and presentations for both technical and non-technical audiences, including senior management, that summarize threat-hunting activities, findings, and actionable recommendations.
• Offers strategic input for the development and maintenance of the organization's security roadmap, informed by insights gained from threat-hunting activities and the evolving threat landscape.

• Knowledge of operating systems (Windows, Unix, macOS), endpoint detection and response (EDR) solutions, antivirus software, and how threats manifest on endpoints is essential. This includes understanding system logs, processes, and file system activities.
• Proficiency in using SIEM tools (e.g., Sumologic, Microsoft Sentinel) to aggregate, correlate, and analyze security logs and events from various sources is vital for identifying suspicious patterns and anomalies across the environment.
• Sound Scripting Knowledge (e.g., Python, bash, Ruby).
• Strong understanding of cloud security concepts, platforms (AWS, Azure, GCP).
• Experience in risk and compliance management and process development in the areas of information technology and security.
• Advanced knowledge of risk mitigation and business controls.
• Excellent communication and business writing skills, as well as the ability to develop executive-level presentations/strategies that include process diagrams and designs.
• Excellent problem resolution and creative problem-solving skills.
• Excellent project management skills and strong knowledge of change management processes.
• Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customers activities.

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
• May require occasional on-call availability and response to security incidents outside of normal business hours.

• 10+ years of progressive experience in cybersecurity, with a significant focus on threat hunting, incident response for advanced threats, security operations, and digital forensics.
• Demonstrated history of technical leadership and strategic thinking in security roles.
• Extensive experience leading and managing complex security investigations and threat hunting engagements.

• Bachelor's Degree in Computer Science, Information Security, or a related field.
• Must have at least 2 of the below certifications:
  CompTIA Security+
  CompTIA Cybersecurity Analyst (CySA+)
  CompTIA Advanced Security Practitioner (CASP+)
  GIAC Certified Incident Handler (GCIH)
  GIAC Certified Forensic Analyst (GCFA)
• Educational requirements may vary by geography.

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

COMPANY OVERVIEW: Celestica (NYSE, TSX: CLS) enables the worlds best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud.Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

Celestica would like to thank all applicants, however, only qualified applicants will be contacted. Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.