Associate Director, Cybersecurity Incident Response

Alameda HQ, United States

Exelixis

Exelixis is an oncology-focused biotech company innovating cancer treatments for life. Find out how we're dedicated to giving more patients hope for the future.

The Associate Director, Product Management - Cybersecurity Operations & Incident Response is responsible for leading efforts in detecting, investigating, and responding to security threats and incidents. This role involves developing and overseeing the execution of proactive threat hunting programs to identify and mitigate both external and internal threats. The Associate Director will also develop and improve playbooks and runbooks for responding to threats and optimize the use of security tools such as SIEM, XDR, SOAR, and case management platforms. Additionally, this role requires close collaboration with other product teams, including IT leadership, to strengthen Exelixis' cybersecurity posture. Extensive knowledge and experience in threat investigation, both internal and external, are essential, as the role may sometimes require performing threat investigations.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Lead efforts in detecting, investigating, and responding to security threats and incidents.
  • Lead the team's growth by optimizing incident response processes, reducing false positives, and enhancing threat detection and response capabilities.
  • Develop and oversee the execution of proactive threat hunting programs to identify and mitigate both external and internal threats.
  • Ensure that the team responds appropriately to threats and continuously improve detection and response capabilities – which may include collaborating with security vendors to conduct purple team exercises.
  • Develop and improve playbooks and runbooks for responding to threats.
  • Optimize the use of security tools such as SIEM, XDR, SOAR, and case management platforms.
  • Work closely with other product teams, including IT leadership, to strengthen Exelixis' cybersecurity posture and provide guidance and direction to other IT professionals regarding security best practices and ensure compliance with industry standards and regulations when necessary.
  • Develop and promote a strong cybersecurity culture within the organization, ensuring that all employees are aware of and adhere to security policies and best practices.
  • Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential security risks.
  • Contribute to the overall information security strategy.
  • Recruit, motivate, mentor, and lead talent to be their best.

SUPERVISORY RESPONSIBILITIES:

  • Provide directions to other individuals.
  • Manage third-party service providers and consultants.
  • Supervises staff, including hiring, scheduling and assigning work, reviewing performance, and recommends salary increases, promotions, transfers, demotions, or terminations.

EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS:

Education:

  • Bachelor’s degree in related discipline and eleven years of related experience; or
  • Master’s degree in related discipline and nine years of related experience; or
  • PhD degree in related discipline and five years of related experience; or
  • Equivalent combination of education and experience
  • CSSP, CCSP, CISSP, CISM or similar certification required

Experience:

  • Demonstrated leadership in cybersecurity operations, with a deep technical knowledge of threat hunting, investigation, and incident response best practices. Ideally, this includes extensive hands-on experience as a SOC or incident response practitioner.
  • Strong experience in conducting thorough investigations of security incidents, including but not limited to, malware infections, phishing attacks, insider threat and data breaches.
  • Experience developing and implementing Cybersecurity Operations metrics and Key Performance Indicators to provide visibility into operational effectiveness and efficiency.  
  • Proven experience in conducting phishing simulations to test the organization's resilience against phishing attacks. This includes designing and executing realistic phishing scenarios, analyzing the results, and assessing the effectiveness of current security measures. Additionally, the role involves identifying areas for improvement and implementing strategies to enhance the organization's defenses against phishing threats. This may include employee training programs, updating security policies, and deploying advanced anti-phishing technologies.
  • Demonstrated experience and success in leadership roles in information technology and security operations
  • Proven experience in successfully executing programs that meet the objectives of excellence in a dynamic business environment
  • Experience or working knowledge of cloud, network, and application security
  • Experience with risk management methodologies
  • Experience in Biotech/Pharma is a plus

Knowledge/Skills/Abilities:

  • Proficiency in handling security incidents from detection to resolution, including containment, eradication, and recovery.
  • Familiarity with SOAR tools to automate and streamline incident response processes.
  • Knowledge of XDR platforms to provide comprehensive threat detection and response across various security layers.
  • Understanding how to gather, analyze, and interpret threat intelligence to anticipate and mitigate potential security threats.
  • Ability to write scripts (e.g., Python, PowerShell) to automate repetitive tasks and enhance efficiency.
  • In-depth knowledge of security tools and techniques, including but not limited to SIEM (Security Information and Event Management), threat intelligence, incident response, vulnerability scanners, network mapping tools, threat intelligence platforms, threat hunting, threat detection, threat prevention, cybersecurity technologies, threat landscape, and emerging trends to identify and assess the organization's attack surface
  • Extensive knowledge of Identity Access Management (IAM), Data Loss Prevention (DLP), and Data Protection strategies.
  • Strong grasp of Cloud Security principles and Development Security Operations (DevSecOps). 
  • Deep understanding of security frameworks and standards such as, but not limited to, NIST, ISO 27001, and PCI-DSS. Ability to interpret these standards and apply them to an organization's specific security needs
  • Comprehensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting, and endpoint protection
  • Strong analytical skills to assess and prioritize security risks and develop effective mitigation strategies.
  • Ability to communicate complex security concepts and technical information to various stakeholders, including executives, IT teams, and business leaders. They should also be able to collaborate effectively with other security team members and other Exelixis groups
  • Strong leadership skills and the ability to manage and mentor other security team members
  • Excellent analytical and problem-solving skills, the ability to work independently and as part of a team, and strong communication skills
  • Excellent leadership and communication skills, the ability to work well under pressure, and strong analytical and problem-solving abilities
  • Ability to foster collaborative working relationships with technology groups and other stakeholders, including vendor relationships
  • Ability to lead others irrespective of reporting structure.
  • Thorough planning and tracking skills, well-organized, focused on results, capable of managing multiple projects, excellent time management with respect to priorities and self-management
  • Excellent judgment and problem-solving skills, including negotiation and conflict resolution
  • Ability to leverage both internal and external resources to expedite and deliver projects
  • Ability to work in a team environment, create timelines, and continually make necessary adjustments
  • Excellent writing, presentation, and oral communication skills

WORKING CONDITIONS:

  • Environment: primarily working indoors in an office environment

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The base pay range for this position is $151,000 - $214,000 annually. The base pay range may take into account the candidate’s geographic region, which will adjust the pay depending on the specific work location. The base pay offered will take into account the candidate’s geographic region, job-related knowledge, skills, experience and internal equity, among other factors.

In addition to the base salary, as part of our Total Rewards program, Exelixis offers a comprehensive employee benefits package, including a 401k plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts. Employees are also eligible for a discretionary annual bonus program, or if field sales staff, a sales-based incentive plan. Exelixis also offers employees the opportunity to purchase company stock, and receive long-term incentives, 15 accrued vacation days in their first year, 17 paid holidays including a company-wide winter shutdown in December, and up to 10 sick days throughout the calendar year.

DISCLAIMER 
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.

Tags: Application security CCSP CISM CISSP Cloud Compliance Cryptography DevSecOps DNS Firewalls IAM IDS Incident response IPS ISO 27001 Malware NIST PhD PowerShell Python Risk management Security strategy SIEM SOAR SOC Strategy Threat detection Threat intelligence VPN XDR

Perks/benefits: 401(k) matching Career development Equity / stock options Flex hours Flexible spending account Flex vacation Health care Insurance Salary bonus

Region: North America
Country: United States
