Incident Response Manager - Security (Ancestry)

  • Lehi, UT, USA
  • Full-time

Company Description

We’re a cutting-edge tech company with a very human mission—to help every person discover, preserve, and share the story of what led to them. Combining the rich information in family trees and historical records with the genetic details revealed in DNA, we create unique experiences that give people a new understanding of their lives, because connecting all the pieces of our family story can give us the deepest sense of who we are.

For more information on what we do and why you would want to work at Ancestry, visit our careers

Job Description

Ancestry is looking for a highly qualified Computer Security Incident Response Team (CSIRT) manager.

The CSIRT manager leads the front line of defense against security incidents directed at the IT platforms and automated information systems of Ancestry. The CSIRT manager is also responsible for the performance of the CSIRT.

This team is the focal point for the execution of the response process and coordination of relevant parties when an information security incident occurs. The team is also responsible for maintaining the preparedness of Ancestry for effective response and for supporting other teams responding to incidents that have peripheral security implications.

This role reports to the Director of Information Security. During high-impact incidents, the CSIRT manager may be required to brief senior management directly and interact with the crisis management team.

Job Responsibilities

  • The CSIRT manager will develop, maintain and support an intelligence capability to identify current and emerging IT security risks to the organization. The CSIRT manager will:
      • Utilize commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations.
      • Coordinate with the command center and the broader information security team to identify and assess IT security incidents.
      • Advise the information security team of significant emerging threats and recommend tactical steps to counteract these threats.
  • Leading the organization's response to IT security incidents, the CSIRT manager will perform the following tasks:
      • Develop and maintain the IT security incident response process, including all required supporting materials.
      • Develop and maintain security monitoring processes and tools.
      • Identify and remediate existing gaps or blind spots.
      • Work with business units, IT functions and external providers to ensure that the process is mutually understood and agreed on, and that responsibilities are clear and accepted.
      • Act as a liaison throughout the entire organization (including enterprise IT services, lines of business and customer call centers).
      • Initiate the IT security incident response process and execute decision authority to the extent of the role within that process.
      • Ensure execution of the incident response process to the resolution of the incident.
      • Ensure generation, maintenance and protection of required incident records, such as investigator journals.
      • Organize, participate in and, if required, chair post-incident reviews for presentation to management.
      • Evaluate the efficacy of current alerting and monitoring procedures.
  • Under normal operating conditions, this role will work to the usual organizational policies and norms of the broader team. However, if the CSIRT manager is notified outside of normal working hours of a potential incident, then the CSIRT manager will be expected to perform the role out of hours to the extent required to protect the organization.
  • The CSIRT manager will be expected to ensure that the CSIRT is suitably equipped to operate out of hours and off-site where desirable.


Required Qualifications, Skills and Knowledge

  • Bachelor's or master's degree in IT, engineering, business, management or a related field, or equivalent work experience
  • Tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or the equivalent
  • Strong communication skills with a proven ability to understand key concepts and communicate with technical staff, lines of business and senior management
  • Proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregation and overlapping roles are identified and coordinated
  • Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
  • Strong analytical and problem-solving skills
  • Proficiency in process formulation and improvement
  • Knowledge of IT end-to-end problem management and root cause analysis
  • Proficient in working in a fast-paced, complex, dynamic, multicultural business environment
  • Knowledge of legal requirements for privacy of personal information from employees and customers
  • High levels of integrity in the conduct of personal and professional affairs
  • Calmness and clarity of thought under pressure
  • Ability to maintain confidentiality
  • Ability to maintain the goals and culture of the organization
  • Ability to understand the values of team members and to motivate them appropriately
  • Ability to identify areas of improvement
  • Understanding of strategic business objectives and the ability to drive results toward those objectives
  • The CSIRT manager must have in-depth knowledge of the following:
      • Methods and motivations adopted by hackers to attack IT platforms, automated information systems and an organization’s IT infrastructure
      • IT security incident management processes and tools
      • IT operations and support organizations
      • IT security risk assessment
      • IT security forensic techniques, tools and procedures


Required Experience

  • In-depth experience in security incident management processes and tools
  • Eight to fifteen years of technology experience, including troubleshooting and performing root cause analysis of complex IT solutions
  • Two or more years of demonstrated leadership experience building consensus across IT domains
  • Two or more years of demonstrated experience managing a security incident response team
  • Two or more years of demonstrated experience in liaising with management of a large commercial enterprise
  • Experience operating in AWS/Cloud infrastructures


Desired Experience

  • Two or more years of experience in working in the software development industry
  • Experience in working with law enforcement or other relevant government agencies
  • Two or more years of hands-on IT or information security assessment in a commercial environment
  • Experience with ServiceNow


This is a sensitive role. The organization must have a high level of confidence in the integrity and track record of the individual who fills it. The CSIRT manager may be required to submit to background checking that is consistent with the high-risk role definition within the organization's staff probity policy and successfully meet the requirements articulated within that policy.




Additional Information

Ancestry is a profitable, growing company with a positive, high-energy environment. Together, our dedicated teams are harnessing the power of technology and using it to simplify the way people connect with their families and their unique legacies. Our work environment is fast-paced and challenging, but also extremely exciting. You’ll work with a team of passionate, engaged individuals. We offer excellent benefits and a competitive compensation package. For additional information regarding our benefits and career information, please visit our website at

Ancestry is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Ancestry via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Ancestry. No fee will be paid in the event the candidate is hired by Ancestry as a result of the referral or through other means.

Ancestry is an Equal Opportunity Employer that makes employment decisions without regard to race, color, religious creed (including religious dress and grooming practices), national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, and medical conditions related thereto), sexual orientation, gender, gender identity and expression, age (40 and older), mental or physical disability (including HIV and AIDS), medical condition (cancer and genetic characteristics), veteran status, citizenship, marital status, genetic information, or any other basis that is prohibited by applicable law.   The Company also makes reasonable accommodations to applicants or employees with qualifying disabilities who request them and who otherwise meet the requirements of applicable law.  If you would like to request an accommodation during the application process, please contact our Director of Recruiting. 

All job offers are contingent on a background check screen that complies with applicable law.  For San Francisco office candidates, Ancestry will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco's Fair Chance Ordinance.