Staff Incident Response Specialist

Remote Canada /
Security – Security /
Full Time Remote
60,000 businesses and millions of people use 1Password to protect their most important information. We’re a kind, curious, and customer-focused team on a mission to build the world's most-loved password manager and give people more control over their data.

1Password has a long-standing commitment to customer privacy and security, and the Security Team is responsible for safeguarding them. We are a passionate team that really cares about protecting our customers, and are looking for new team members that bring that same passion.

As an Incident Response Specialist, you’ll be working with our Security Team, DevOps, IT, development, and other teams to help us continue to raise the bar for security. This includes working with these teams to identify potential security-related events, implement and improve data capture and alerting, and help ensure 1Password’s data remains safe.

What we're looking for:

    • 7+ years of relevant work experience
    • Experience in a highly-distributed / remote work environment
    • Experience developing incident response, monitoring, and detection programs
    • Experience with common systems and network monitoring tools
    • Understanding of monitoring, detection, and response automation strategies
    • Understanding of threat modeling, threat intelligence, and common attacks
    • Ability to identify IOCs and implement detection and alerting
    • Ability to perform log and system analysis to identify potential incidents
    • Ability to serve as a subject matter expert when working with various teams
    • Ability to identify and implement mitigating controls and countermeasures

Bonus points for:

    • Prior management / leadership experience
    • Experience with implementing monitoring in a cloud environment
    • Ability to develop custom tools or integrations in a scripting language such as Python

What you'll be doing:

    • Identify opportunities to improve detection & monitoring capabilities, and design solutions to address them
    • Assist in updating and developing policies and procedures
    • Analyze logs, network activity, and systems to identify potential incidents
    • Investigate potential incidents to determine cause, as well as triage and respond to actual incidents
    • Work with developers, DevOps, IT, and other teams to improve monitoring capabilities, perform root cause analysis, and develop mitigation plans
    • Train and mentor others