Incident Manager

Philip Morris International U.S.•Tampa, FL

9h•Hybrid

About The Position

At Philip Morris International (PMI), the company is undergoing a transformation to deliver a smoke-free future, offering significant opportunities for career growth. The Incident Manager will be a key part of this change, responsible for leading and coordinating the technical response to serious cyber incidents such as APT activity, targeted malware campaigns, vulnerability exploits, and network-based attacks. This role involves defining and implementing containment strategies, communicating effectively with senior business stakeholders, taking ownership of incident response decisions, driving post-incident reviews for continuous improvement, and building relationships with key business stakeholders to promote Incident Response processes. The manager will also produce weekly and monthly management information and stay updated on the latest tools, tactics, and procedures used by threat actors.

Requirements

3+ years of experience in leading serious cyber incidents.
Highly effective risk assessment, data analysis, and communication skills.
Strong understanding of Windows & Linux operating systems and network fundamentals.
Strong knowledge of the latest TTPs, especially in respect of nation-state level attacks.
Experience of developing, implementing, and continually improving IR playbooks.
Experience of handling sensitive insider threat incidents.
Knowledge of the NIST cyber security framework.
Familiarity with SIEM (Sentinel, Splunk), Microsoft Defender Suite, and computer forensic tools.
Ability to multitask in a high pressure, fast-paced environment.
Excellent stakeholder engagement skills, including the ability to communicate complex topics to key stakeholders while clearly articulating risk and impact.
Strong problem solving skills with the confidence to make timely, well reasoned decisions.
Passion for the cyber security industry and staying current with emerging threats and technologies.
Fluent in English.
Legally authorized to work in the U.S.

Nice To Haves

Practical experience with security vulnerabilities, exploits and malware.
Industry certification, e.g. GCIH, GCFA, CEH, CFE, GREM etc.

Responsibilities

Lead and coordinate the technical response to serious cyber incidents, e.g. APT activity, targeted malware campaigns, vulnerability exploits, and network-based attacks in order to contain, eradicate, and recover from malicious activity.
Lead technical bridge-lines to triage incidents and to define and implement containment strategies, which often involve multiple competing priorities.
Produce pristine communications to senior business stakeholders in a timely manner to outline the anatomy of attack and the details of the response and remediation activity.
Lead and take ownership for all incident response key decisions, ensure auditable records and logs are maintained and incident records are up to date.
Drive post-incident review activity with a focus on root cause analysis and continuous improvement.
Build and develop relationships with key business stakeholders to promote the awareness of Incident Response processes.
Produce weekly and monthly Management Information pertaining to incidents handled and the current threat landscape.
Maintain up-to-date knowledge on the latest tools, tactics and procedures (TTPs) used by Threat Actors.
Provide support for major incident escalations which may involve occasional out-of-hours activity.

Benefits

competitive base salary
annual bonus (applicable based on level of position)
great medical, dental and vision coverage
401k with a generous company match
incredible wellness benefits
commuter benefits
pet insurance
generous PTO
Smart Work, a hybrid model of working that promotes flexibility in the workplace.
inclusive, diverse culture
opportunities to progress