We're Cruise, a self-driving service designed for the cities we love.
We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.
The Cybersecurity Incident Response Team (CIRT) builds detections as code, investigates cybersecurity events, leads internal security incidents and digital forensic investigations, and builds custom software solutions aimed to increase the efficiency of response.
As Cruise scales, we need a strong leader at the helm of security incidents, digital investigations, and highly-technical projects centered on both tactical and strategic blue team operations, including areas such as live response, artifact collection and parsing, and automation.
In major security incidents, you will serve as the incident commander, responsible for bringing together and leading a large cross-functional team through all stages of the incident response process. Day-to-day, you will be providing technical guidance and leadership to junior and senior incident response engineers, and delivering on engineering initiatives. Strategically, you will partner closely with the Engineering Manager and help set the technical direction of the team.
Applicants should be excited to solve hard problems, employ their outstanding communication skills, and lead and mentor others. You should possess extensive experience in incident response and digital forensics, and be the one who stands out on your team as a top performer, innovator and leader.
Provide day-to-day technical leadership and support to a team of incident response security engineers, serving as the primary escalation
Serve as the escalation point for alert triage and investigation
Execute on our incident response plan, leading cross-functional teams through the company's most significant security incidents
Draft and present polished incident reports or internal communications fit for an executive audience, and lead incident postmortems
Architect and spearhead deeply-technical and complex projects focused on securing Cruise
Identify, build, and support relationships with key cross-functional partners within and outside of Security
Partner with the Engineering Manager to help set the technical direction of the team
Mentor junior and senior incident response engineers
Embody Cruise behaviors and values: Stay Safe, Own It, Stay Focused, Seek Truth, Work Together, Be a Customer, Be Humble
Extensive experience leading response and investigation of large-scale and dynamic security incidents in corporate environments
Conversant knowledge of current opportunistic and/or advanced threat actor ecosystem, their targeting patterns, and associated tradecraft
Experience mentoring less senior members of an incident response team
Demonstrated ability to project composure and organization in the midst of high-intensity incidents
Exceptional communication skills with a knack for building relationships cross-functionally to support incidents and investigations
Intimate knowledge of core network protocols, with a demonstrated ability to query and analyze network logs in incidents and investigations
Experience performing log analysis in cloud environments (GCP, AWS, Azure) and across multiple SIEMs
In-depth knowledge of disk structures and experience performing file system and operating system forensics, with significant expertise in at least one OS (Mac, Windows or Linux)
Familiarity with at least one major cloud platform
Experience with datasets generated by osquery, and Bro/Zeek
Coding/scripting proficiency in one or more languages, recent development experience, and the ability to pass a coding interview
Fluency in SQL for querying complex data sets
Experience performing data collection and analysis in cloud environments
Experience developing automation in support of incidents and investigations
Expertise in static and dynamic malware analysis
Experience performing analysis within EDR solutions (i.e. Carbon Black, CrowdStrike Falcon)
Contributions to the security community (open source, public research, blogging, presentations, etc)
The salary range for this position is $197,600 - 290,400. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, restricted stock units, and benefits. These ranges are subject to change.
Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives.
We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.
Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email HR@getcruise.com.
We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.
