Senior Manager, Cybersecurity Operations

Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Location: San Francisco, CA or Remote throughout US

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the genetics industry, by making genetic testing affordable and accessible for everyone to guide health decisions across all stages of life. 

Our Security Operations Team is building secure defenses against persistent threats both internal and external, and acts as the last line of defense against malicious actors to ensure all sensitive data at Invitae is protected and secured from unauthorized access.

What you’ll do:

  • Leading and managing all security operations for the organization, including in house security engineers and MSSP resources providing 24x7 SOC as a Service
  • Managing the Incident Response lifecycle and developing improvements to increase program maturity and reduce overall time for threat containment
  • Managing a diverse team of security analysts and engineers distributed globally
  • Establishing a threat intelligence strategy and incorporating it into the existing security operations solution stack
  • Defining and implementing incident response playbooks related to emerging threats and attack techniques  
  • Acting as incident response lead for security incidents and assisting with forensic investigation/analysis, advanced incident handling, intelligence gathering, forensic research, and formal incident investigation
  • Coordinating with outside law enforcement and incident response firms when required 
  • Developing training programs for skills enrichment related to incident response, forensic analysis and the use of threat intelligence to empower proactive threat hunting
  • Working closely with the CISO to develop and implement strategies for corporate-wide security initiatives to reduce operational risk
  • Working closely with Legal, Privacy and Security Governance & Compliance to design and implement data protection solutions to align with Privacy and Information Security policies, especially for cloud hosted and highly regulated data environments
  • Providing oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
  • Developing metrics and security operations dashboards to measure progress for security initiatives and communicate team accomplishments and the effectiveness of security controls and processes
  • Establishing the security operations roadmap to drive maturity improvements for incident response and operational excellence in the information security program
  • Conducting regular red team/blue team training exercises
  • Implement attack simulation solutions to identify endpoint, server and networking topology issues identified in the MITRE Attack Framework 
  • Driving and managing the vulnerability assessment and asset management lifecycle
  • Working closely with the Application Security team to establish a regular cadence for internal and external penetration testing for all products and cloud-hosted applications
  • Ensuring applications, networks, systems and cloud services are planned, designed, developed, implemented, and monitored in accordance with the Information Security Policy and associated HITRUST, HIPAA, PCI and SOX security controls
  • Developing and implementing monitoring capabilities for on premise and AWS hosted infrastructure for both corporate and customer environments
  • Implementing and maintaining the centralized logging infrastructure to support SIEM correlation, alerting and reporting
  • Guiding the Security Operations Center to develop new data feeds and services for continuous monitoring and detection capabilities, including the writing of data parsers, installation of data connectors and log collectors, and tuning and aggregating multiple security alerting sources
  • Assisting in the development and automation of threat management, vulnerability management, and incident management processes
  • Working closely with cross functional teams to embed security monitoring, logging, and auditing capabilities into all corporate and cloud operations

 What you bring:

  • Minimum 7+ years of experience in Information Security with an emphasis on leading security personnel to secure applications, networks and systems
  • At least one security related certification, such as CISSP, GIAC, CompTIA Security+, required.  CISSP strongly preferred.
  • Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment
  • Detailed understanding of Microsoft Active Directory, Identity and Auth services, DNS, DHCP and email infrastructure design and security
  • Deep understanding of VPN, PKI, IPAM and MFA technologies
  • Demonstrated proficiency in system hardening techniques for Microsoft Windows, Linux and Mac OSX
  • Hands-on technical proficiency with IDS/IPS and SIEM tools.  Splunk and Graylog expertise highly preferred.
  • Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously
  • Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus

Preferred: 

  • Experience in DevOps environments and maintaining security in CI/CD processes
  • Deep understanding of GSuite and Okta highly desirable
  • Demonstrated ability to facilitate automation and integration through scripting in Powershell, Python, Perl, etc, highly preferred.
  • Knowledge of technical security control environments and compliance frameworks such as CSA CCM, ISO 270001 and SOC 2, etc.  Experience supporting HITRUST and HIPAA is highly desirable.
  • Solid understanding of AWS architecture and services
  • Hands-on experience with incident response as a senior or lead analyst or manager

At Invitae, you’ll work alongside some of the world’s experts in genetics and healthcare at the forefront of genetic medicine. Our teams thrive in our dynamic organization, which has been designed to empower them to make the biggest impact they can for our patients.  We give our employees the ability to explore interests and capabilities broadly within the organization. We prize freedom with accountability and offer significant flexibility. We also provide excellent benefits and competitive compensation in a fast-growing organization. 

At Invitae, we’re changing healthcare to change lives. Join us. 

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

#L1-HS1

#LI-Remote

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • C++Languages
    • JavascriptLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • SqlLanguages
    • D3JSLibraries
    • jQuery UILibraries
    • ReactLibraries
    • Twitter BootstrapLibraries
    • DjangoFrameworks
    • MongoDBDatabases
    • PostgreSQLDatabases

Location

Conveniently located minutes from downtown Boulder via Pearl Street or the Goose Creek Path. Easily commutable from all directions.

An Insider's view of Invitae (Formerly ArcherDx)

What’s the vibe like in the office?

Collaborative - when I walk through the Invitae office at any time of day, I can see cross-functional collaboration in action. Our team members are constantly connecting in structured and unstructured meetings to solve problems and achieve goals.

Sarah

Corporate Recruiter

How do you collaborate with other teams in the company?

Collaboration between functional groups is key to the Logistics team's success at Invitae. Working closely with Sales, Manufacturing, Assay Development, Customer Support, Finance and QA allows us to provide better customer service by improving our processes, troubleshoot, brainstorm new ideas, learn from each other and share our best "dad" jokes.

Judy

Logistics Manager

How do you empower your team to be more creative?

Creativity requires a break from the routine and the screen. Here at Archer the team gets creative through walks to the food trucks, lunch runs, climbing gym sessions or a few end of the week craft brews. Some of our best algorithms were developed or refined on the climbing gym mat.

Aaron

VP of Bioinformatics and Commercial Development

What are Invitae (Formerly ArcherDx) Perks + Benefits

Invitae (Formerly ArcherDx) Benefits Overview

At Invitae, our employees are the key to our continued success. Our culture is one of our most important strengths. A set of commitments we make to each other and to our customers to build a world-class organization in service of our mission. That is why Invitae proudly offers comprehensive perks and benefits program with choice and flexibility in mind.

Culture
Volunteer in local community
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Diversity
Dedicated Diversity/Inclusion Staff
Highly diverse management team
Unconscious bias training
Diversity manifesto
Someone's primary function is managing the company’s diversity and inclusion initiatives
Mean gender pay gap below 10%
Diversity Employee Resource Groups
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Pet Insurance
Wellness Programs
Team workouts
Mental Health Benefits
Retirement & Stock Options Benefits
401(K)
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Our remote work program includes work from home on occasion as needed.
Family Medical Leave
Restricted work hours
Return-to-work program post parental leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Beer on Tap
Casual Dress
Commuter Benefits
Company Outings
Archer hosts company outings Semi-annually.
Happy Hours
Relocation Assistance
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Our tuition reimbursement plan offers an annual max of $5250.
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Mentorship program
Time allotted for learning
More Jobs at Invitae (Formerly ArcherDx)75 open jobs
All Jobs
Finance
Data + Analytics
Design + UX
Dev + Engineer
HR + Recruiting
Internships
Legal
Marketing
Operations
Product
Project Mgmt
Sales
Developer
new
Remote
Operations
new
Remote
Developer
new
Remote
Data + Analytics
new
Remote
Product
new
Boulder
Developer
new
Boulder
Project Mgmt
new
Remote
Project Mgmt
new
Remote
Project Mgmt
new
Remote
Project Mgmt
new
Remote
Project Mgmt
new
Remote
Project Mgmt
new
Remote
Developer
new
Remote
Data + Analytics
new
Remote
Developer
new
Remote
HR + Recruiting
new
Remote
Developer
new
Remote
Data + Analytics
new
Remote
Operations
new
Remote
Operations
new
Boulder
Developer
new
Boulder
Operations
new
Boulder
Project Mgmt
new
Boulder
Developer
new
Boulder
Internships
new
Boulder
Operations
new
Boulder
Operations
new
Boulder
Operations
new
Boulder
Internships
new
Boulder
Project Mgmt
new
Boulder
Developer
new
Remote
Developer
new
Remote
Marketing
new
Remote
Data + Analytics
new
Remote
Developer
new
Remote
Product
new
Boulder
Design + UX
new
Remote
Operations
new
Remote
Operations
new
Boulder
Data + Analytics
new
Remote