Minneapolis, Minnesota, USA
37 days ago
Cybersecurity Operations, Investigations and Incident Response

Company Overview

Sleep Number is a sleep wellness technology leader. For nearly four decades, we have placed sleep at the center of wellbeing, improving over 15 million lives with our Sleep Number smart beds. We are guided by our purpose – to improve the health and wellbeing of society through higher quality sleep. This is exemplified through our 4,000+ mission-driven team members who passionately innovate to drive value creation through our vertically integrated business model, owning the process from start to finish, including selling in our over 650 stores nationwide.

Our team members are encouraged to bring their whole selves to work, sharing their unique perspectives, backgrounds and skills with Sleep Number every day. Whether you are entering, returning or experienced in the workforce, we have a place for you. We hope you join us in creating the future through higher quality sleep.

Position Purpose 

 

This individual contributor position plays a key role in shaping and maturing Sleep Number’s cybersecurity operations (“SOC”), cyber investigations, and incident response strategy by leading the Security Operations, Cyber Investigations and Incident Response capability within Sleep Number’s Information Security organization, including closely overseeing third party-managed services. This role possesses an elevated level of communication and relationship-building acumen (all audiences, including executives and non-technical stakeholders), a strong technical background, and deep field-relevant experience. 

 

Primary Responsibilities 

 

Develop and implement strategies to enhance the SOC's effectiveness, threat detection, and incident response capabilities with other technology teams. 

Provide coaching and feedback to third party security operations staff (responsible for level 1-2) and account manager(s). Ensure KPIs are maintained. Escalate non-compliance to contractual agreement(s). 

Lead development and maintenance of quality SOC playbooks (direct third-party team and contribute as needed). 

In the event of a cyber incident, will execute CSIRT (Cyber Security Incident Response Team) playbooks as Cyber Incident Commander which includes adhering directly to CSIRT playbooks and navigating the event(s) with confidence which includes VP+ level executives and mobilizing cross-functional teams. 

Lead cybersecurity investigations and incident handling activities and coordinate with other in-house experts based on the nature of the event, notable or incident. 

Develop and conduct incident response tabletop exercises and simulations at least twice annually (may or may not include engaging a third party to conduct the exercise) 

Analyze security incidents to identify root causes and recommend and/or implement corrective actions. 

Develop and implement threat detection and monitoring strategies in partnership with platform owners who may reside on other teams across the company. 

Communicate effectively and confidently with executive leadership (VP and above) on the status of cybersecurity operations and incidents.  

Partner closely with security engineers and other technology teams to advise and help implement improvements to detections, monitoring platforms and workflow platforms. 

Provide regular updates and reports to senior management and relevant stakeholders. 

Drive prioritization and ownership of improvements needed in alignment with overall cybersecurity and technology strategies, make thoughtful recommendations to leadership and when required, make well-crafted pitches for resources, technologies. 

 

Key Performance Indicators 

 

Hold security operations partner(s) held accountable to KPIs outlined as part of contractual obligations and escalation procedures initiated where KPIs are not met. 

Lead and execute cybersecurity events, notables, investigations and validations in accordance with internal service level agreements (“SLAs”). 

Achieve improvements to comprehensive security tooling and communications, including advancing automations across technology teams to reduce manual steps and expedite investigations. 

Successful execution of published CSIRT playbook(s) should an incident situation arise. 

Conduct at least two internal incident response tabletops per year among internal technology teams and one every 2-3 years with C-level executives. 

 

 

Position Requirements 

 

7+ years of relevant professional experience. 

5+ years of demonstrated experience in cybersecurity incident handling, incident response and security operations, which includes at least 2 years of oversight of a third-party managed service provider.  

BA/BS Degree in Cybersecurity, Computer Science, or related discipline, or equivalent practical experience. 

CISSP Certification (exceeding years of confirmed experience can circumvent this requirement).  Non-CISSP-certified candidates would be encouraged to pursue CISSP certification as part of developmental expectations within one year of start date. 

Proven experience in managing an outside managed service provider (e.g., MDR, SOC as service) to ensure KPIs and service levels are maintained. 

 

Knowledge, Skills & Abilities 

Exceptional written and verbal communication skills to present technical topics to technical and non-technical audiences. 

High level of comfort leading a CSIRT team which includes VP+ level executives and developing audience-targeted read outs and reports relating to incidents. 

Proven experience in incident handling/incident response techniques within a cloud-based environment such as AWS/Azure/GCP 

Interacts confidently with executive leaders in technology, legal, internal audit and our cybersecurity insurance provider(s), external counsel or external assessors/auditors and coordinates with internal and external stakeholders during security incidents which includes non-technical and/or executive stakeholders. 

Experience with thorough, quality documentation around incident response analysis activities 

Expertise in Cyber Security attacks, tools & techniques, and experience with Advanced Threat management  

Ability to tune correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms 

Has a sound understanding of SIEM, DLP, CASB, EDR, NDR, operating systems, MITRE ATT&CK framework and other threat detection platforms 

Excellent analytical, problem-solving, and interpersonal skills. Maintains composure during high stakes/high stress situations. 

Knowledge of digital forensics tools and techniques (e.g., EnCase, FTK). Experience in conducting forensic analysis of compromised systems, including understanding of evidence handling and chain of custody procedures. 

Proven experience and knowledge in the MITRE ATT&CK framework and VERIS Framework 

Experience with Splunk and Splunk Enterprise Security (ES) are a plus. 

Any of the following certifications are a plus:  C|EH, CISA, CISM, CSSLP, GIAC, CompTIA Security+, CCSP, GIAC, AWS/Azure Certifications. 

 

Working Conditions

 

This is a hybrid position that requires at least 3 days a week in our Minneapolis office for candidates within 45 miles of our downtown Minneapolis office. No relocation assistance will be offered. 

Travel possible – up to 10% 

Wellbeing

Wellbeing is more than a catchphrase - it's a movement that permeates our company and through our team members. We are dedicated to enhancing and supporting the wellbeing of our team members and their families through benefits, programs, and resources across our five wellbeing pillars of emotional, financial, career, community, and physical health, with sleep at the center.

By joining our team, in addition to offering competitive pay programs, we are proud to offer eligible team members an extensive benefits package including, but not limited to medical and pharmacy benefits, dental, life and disability insurance, a matched 401(k) Plan, paid time off, and much more.

Safety

Safety is a top priority for Sleep Number supporting customers and team members wellbeing. COVID-19 Precaution(s) are in place consistent with CDC guidelines, U.S. Department of Labor’s Occupational Health & Safety Administration (OSHA), and state/local laws.

EEO Statement

Sleep Number is an equal opportunity employer. We are committed to recruiting, hiring and promoting qualified people and prohibit discrimination based on race, color, marital status, religion, sex (including gender, gender identity, gender expression, transgender status, pregnancy, childbirth, and medical conditions related to pregnancy or childbirth), sexual orientation, age, national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status or any other status protected by federal, state, or local law.

Americans with Disabilities Act (ADA)

It is Sleep Number’s policy to provide reasonable accommodations to qualified individuals with disabilities during the application process, consistent with applicable law. We may require supporting medical or religious documentation where applicable and permissible by law. If you are a qualified individual, you may request a reasonable accommodation at any time during the selection process, including if you are unable or otherwise limited in your ability to access open roles here.

Confirm your E-mail: Send Email