Incident Response Manager - Ancestry IS team (SF)

  • San Francisco, CA, USA
  • Full-time

Company Description

We’re a cutting-edge tech company with a very human mission—to help every person discover, preserve, and share the story of what led to them. Combining the rich information in family trees and historical records with the genetic details revealed in DNA, we create unique experiences that give people a new understanding of their lives, because connecting all the pieces of our family story can give us the deepest sense of who we are.

For more information on what we do and why you would want to work at Ancestry, visit our careers page online.

Job Description

The Opportunity:

The Ancestry IS team is seeking an Incident Response Manager for our CSIRT. This person will lead the front line of defense against security incidents directed at the IT platforms and automated information systems of Ancestry and AncestryDNA. Our CSIRT manager will develop, maintain and support an intelligence capability to identify current and emerging IT security risks for the entire organization.

This opportunity will require strong organizational skills, the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources.  This is a highly technical, hands-on position that will also require a significant amount of mentoring for the Incident Response team.

The team:

This team is the focal point for executing the response process and coordinating the relevant parties when an information security incident occurs. The team is responsible for being prepared and proactive so that response is effective, and for supporting other teams responding to incidents that have peripheral security implications.

This role reports to the Director of Information Security. There will be high-impact incidents, and this CSIRT manager may be required to brief senior management directly and interact with the crisis management team.

Job Responsibilities:

  • Utilize commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations.
  • Coordinate with the command center and the broader information security team to identify and assess IT security incidents as well as identify opportunities for process improvements.
  • Advise the information security team of significant emerging threats and recommend tactical steps to counteract these threats.
  • You will perform and execute all the following tasks:
    • Develop and maintain the IT security incident response process, including all required supporting documentation.
    • Develop and maintain security monitoring processes and tools.
    • Identify and remediate existing gaps or blind spots.
    • Work with business units, IT functions and external providers to ensure that the process is mutually understood and agreed on, and that responsibilities are clear and accepted.
    • Be a liaison throughout the entire IT organization (including enterprise IT services, lines of business and customer call centers).
    • Initiate the IT security incident response process and ensure execution of the incident response process to the resolution of the incident.
    • Generate, maintain and protect all required incident records, such as investigator journals.
    • Organize, participate in and, if required, chair post-incident reviews for presentation to management.
    • Evaluate the efficiency of current alerting and monitoring procedures.
  • Under normal operating conditions, this role will work to the usual organizational policies and norms of the broader team. However, if the CSIRT manager is notified outside of normal working hours of a potential incident, then the CSIRT manager will be expected to perform the role out of hours to the extent required to protect the organization.
  • Will be expected to ensure that the CSIRT is suitably equipped to operate out of hours and off-site where desirable.

#threathunter #SOCmanager #securityoperationscenter #incidentresponse


  • You have a bachelor's or master's degree in IT, engineering, business, management or a related field, or equivalent work experience.
  • You have tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or the equivalent.
  • You have a proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregated and overlapping roles are identified and coordinated.
  • You perform calmly in a command-and-control role under intense pressure, and also can manage multiple priorities with competing demands for resources.
  • You consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
  • You have an intense passion for “threat-hunting” and can also perform end-to-end problem management and root-cause analysis.
  • You are a natural leader: other team members value your opinion and come to you with questions, and you can motivate people appropriately, enabling career growth for your colleagues or those you manage.
  • You have a keen passion for process improvement and can identify areas for improvement quickly.

Required Experience, at the minimum:

  • A minimum of five years of information security technology experience, including troubleshooting and performing root cause analysis of complex IT solutions.
  • Five or more years of experience with the methods and motivations adopted by hackers to attack IT platforms, automated information systems and an organization's IT infrastructure.
  • A minimum of four years in all the following areas:
    • IT security incident response management processes and tools
    • Forensic techniques
    • IT operations and support organizations
    • IT security risk assessment
    • IT security forensic techniques, tools and procedures
    • Hands-on technical experience within IS assessment in a commercial/enterprise environment
  • A minimum of two years in all the following areas:
    • Demonstrated leadership experience in building consensus across IT domains
    • Demonstrated experience in liaising with the management of a large commercial enterprise
    • Being a lead or mentor within a security incident response team (management experience is ideal)
    • Operating within AWS/cloud infrastructure

Desired Experience:

  • Experience as a direct manager of a security incident response team, with a keen interest in mentoring and enabling career growth for the entire team you manage
  • A deep mix of both SOC and incident response management, with 8+ years of experience within an information security team
  • Risk assessment experience
  • Two or more years of experience in working in the software development industry
  • Experience in working with law enforcement or other relevant government agencies
  • Two or more years of hands-on IT or information security assessment in a commercial environment
  • Experience with ServiceNow

Additional Information

Ancestry is a profitable, growing company with a positive, high-energy environment. Together, our dedicated teams are harnessing the power of technology and using it to simplify the way people connect with their families and their unique legacies. Our work environment is fast-paced and challenging, but also extremely exciting. You'll work with a team of passionate, engaged individuals. We offer excellent benefits and a competitive compensation package. For additional information regarding our benefits and careers, please visit our website at

Ancestry is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Ancestry via-email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Ancestry. No fee will be paid in the event the candidate is hired by Ancestry as a result of the referral or through other means.

Ancestry is an Equal Opportunity Employer that makes employment decisions without regard to race, color, religious creed (including religious dress and grooming practices), national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, and medical conditions related thereto), sexual orientation, gender, gender identity and expression, age (40 and older), mental or physical disability (including HIV and AIDS), medical condition (cancer and genetic characteristics), veteran status, citizenship, marital status, genetic information, or any other basis that is prohibited by applicable law.   The Company also makes reasonable accommodations to applicants or employees with qualifying disabilities who request them and who otherwise meet the requirements of applicable law.  If you would like to request an accommodation during the application process, please contact our Director of Recruiting. 

All job offers are contingent on a background check screen that complies with applicable law. For San Francisco office candidates, Ancestry will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco's Fair Chance Ordinance.