Share this Job

ORBIA Cyber Incident Response Senior Manager (REMOTE)

Orbia Advance Corporation is a Purpose-led company with big aspirations. We are out to advance life around the world while maximizing value to our shareholders, customers and employees. The Company is passionate about the topics that define how people will live and thrive tomorrow: the future of cities, buildings, agriculture, and materials. Orbia Advance Corporation has five business groups which offer innovative solutions across multiple industries including building and infrastructure, data communications, chemicals and more. In 2018, Orbia Advance Corporation bought a majority stake in Israeli-based Netafim, the world’s leader in drip irrigation, and is helping the world ‘grow more with less’ as it helps to solve food and water scarcity. Orbia Advance Corporation has operations in 41 countries with more than 22,000 employees.

We started as a producer of commodities and have evolved to become a provider of innovative solutions that address the global issues of rapid urbanization, water and food scarcity, and a growing and aging population. We’re already a global leader in Polymers, Fluor, Building & Infrastructure, Datacom, and Precision Irrigation. We have embarked on a CEO-led transformation, as part of our journey to become a truly purpose-led, future fit company.

ORBIA Senior Manager, Cyber Incident Response



The Senior Manager provides operational oversight for the cyber threat detection, investigation, and response function across Orbia’s footprint globally. The Senior Manager will be responsible for ensuring the ongoing detection and optimal response to cyber threats identified in Orbia’s networks and systems, as well as the maturity of our overall incident management capability. The Senior Manager will execute on a detection and response strategy enterprise-wide, driving and implementing global best practices and organizational standards.


This role has direct responsibility for both detection and response functions and relevant technology stacks, including SIEM, EDR/XDR, email security, DNS filtering, and network security appliances. This role will work closely with Orbia’s service providers to operate our cyber threat detection, investigation, and response toolsets and will liaise with IT teams internally to drive response and remediation. The senior manager will also work towards advancing and maturing our detection and response capability as a whole, by proactively implementing lessons learned help prevent incidents from reoccurring.


This role oversees the full lifecycle of the detection/response and incident management program, including managing service provider (Tier 1/Tier 2) deliverables, contextualizing incidents identified by service providers with Orbia-internal information, researching new detection content, developing and executing common incident management runbooks, guiding resolver groups within Orbia on thorough incident management procedures, as well as proactive threat hunting. Over time, the scope of this role may expand to include other detection and response functions/tools such as insider threat, forensics and malware analysis, and data loss prevention.


This role will be a key leader and a trusted advisor in incident handling, providing both proactive outreach and reactive security support to business group resolver teams. Upon declaration of a possible cyber crisis, this role will play a key part of Orbia’s overall Cyber Crisis Command structure, working closely with the crisis command team to drive remediation actions and resiliency.


This role will also work closely with the Director of Cyber Threat Operations to oversee SOC performance, as well as with peers on the broader threat operations team, to include respective leaders for vulnerability management, pen testing/red teaming, and crisis command.



•              Provide leadership and oversight for the detection/response and incident management program within Orbia.

•              Serve as a key leader in the cyber threat operations team, working closely with peers in vulnerability management, penetration testing and red/blue team exercises, and crisis command and resiliency.

•              Streamline incident management activities across disparate business groups and execute on a global strategy and standards. Lead development of common runbooks for most frequent or critical incident types.

•              Interface with IT stakeholders in each of Orbia’s business groups and at the corporate level to drive incident response and remediation.

•              Analyze root cause of recurring incidents and recommend and implement strategies to prevent reoccurrence in the future. Implement lessons learned during an incident to help improve Orbia’s security maturity.

•              Oversee the execution of SOW activities for Managed Detection and Response from Orbia’s service providers.

•              Stay abreast of current cyber threat landscape, cyber threat trends, threat actors/groups, and exploit campaigns.

•              Consider and recommend new tools, processes, or strategies to enhance Orbia’s incident management workflow and increase efficiencies.

•              Serve as a key leader during a confirmed incident. Liaise when necessary with external incident response providers to perform digital forensics, malware analysis, and recovery operations.

•              Create and disseminate operational and executive-level reports on the incident management program.

•              Maintain incident management program documentation, including Standard Operating Procedures and incident response runbooks, for optimal operational effectiveness.

•              Measure and track key performance metrics for the detection/response and incient management program, and  implement strategies for improvement to better secure Orbia’s environment.

•              Integrate the incident management program into Orbia’s cyber crisis command structure for emergency response activities. Upon crisis command plan initiation, assume a key leadership role in coordinating response, remediation, and resiliency.



-               Familiarity with relevant regulations, such as SOX, GDPR / data privacy, PCI-DSS, etc.

-               Relevant security certifications (e.g. CISSP, GCIH, GCIA, CEH, etc.)

-               Knowledge of international security framework and standards, such as ISO27001, NIST, CIS20, and assurance reporting standarards such as ISAE3402

-               Deep technical knowledge of security solutions and architecture principles and processes

-               Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

-               Familiarity with Operational Technology (OT)/ICS/SCADA environments

-               Excellent analytical and problem-solving skills

-               Ability to build strong partnerships in a matrixed environment

-               Excellent verbal and written communication skills, including ability to translate complex technical subjects to non-technical audiences

-               Ability to learn, grow and take on expanded duties as business needs evolve

-               Excellent leadership skills and ability to communicate and influence at all levels and inspire through leadership to develop individuals and teams

-               Superb judgment and integrity, including excellent decision-making skills and a sense of urgency



-               10+ years of experience in one or more of the following areas: Information Security, Security Operations, Incident Response, or Cyber Threat Intelligence

-               Preferred: 5+ years of experience working directly in a Security Operations Center

-               2+ years of people management experience

-               Knowledge/experience with common threat detection tools, such as SIEM, EDR/XDR, IDS/IPS, and firewalls in a large enterprise environment

-               Knowledge/experience with other types of security operations tools, such as vulnerability scanners

-               Deep technical experience with the incident management lifecycle and incident analysis techniques

-               Experience working with or leading an incident command team or working in a cyber range environment

-               Understanding of threat hunting fundamentals

-               Experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and application security

-               Experience in managing projects and proven organizational skills

-               Experience working in large global manufacturing companies

-               Bachelor degree required. Master’s degree in Computer science, Engineering or Business preferred




Our Global brands: Dura-Line, Koura Global, Vestolit, Netafim, Alphagary, Wavin.

They offer a broad range of value added solutions and finished products that contribute to customers’ success and ultimate improve the quality of life for people around the world. Along its commitment to good citizenship, Orbia Advance Corporation delivers Total Value to customers, employees and investors worldwide, every day.