Cyber Security Incident Response Team (CSIRT) Manager

< Back to Search Results Cyber Security Incident Response Team (CSIRT)

Manager Job ID:

2012768

Career Area:

ICT, Digital and Data Position Type:

Salaried Location:

Headquarters & Technology Center - Auburn Hills 48326 ,

US Date Posted:

March 23, 2026

Brand:

FCA Group Apply Refer A Friend Share this job Share on Facebook Share on Twitter Share on Linkedin Share by Mail https://recruiting.adp.com/srccar/public/RTI.home?r=5001157700506&c=2183219&d=ExternalCareerSite&rb=??? You are being redirected Once you are on the page, please click the refer button

Job Overview Qualifications Benefits Job Overview Description:

The CSIRT Manager leads the Cyber Security Incident Response Team (CSIRT) , operating within Stellantis' Cyber Defense Operations Center (CDOC) and in close partnership with several others cybersecurity teams, and regional stakeholders. You will own the incident response lifecycle, ensure adherence to Stellantis crisis procedures, drive operational excellence (MTTD/MTTR), and cultivate a high performing team in a follow the sun model . Stellantis is a global mobility leader with the ambition to deliver clean, safe, and affordable freedom of mobility for all , guided by the Dare Forward 2030 strategy and a commitment to carbon net zero by 2038 (Scopes 1-3) with interim 2030 decarbonization targets. Our portfolio of iconic brands and strong operational performance underpin this transformation into a sustainable mobility tech company.

Key responsibilities:

Own the

Cyber Security IR Lifecycle & Escalation:

Direct the end-to-end response across preparation, detection/analysis, containment, eradication, recovery, and post incident, following Lead & Develop the

Team:

Manage, mentor, and schedule CSIRT analysts and leads across shifts and on call rotations within the distributed regional model; drive skills development and readiness.

Command During Crises:

Serve as Cyber Security Incident Commander for high/critical events and integrate the right SMEs into the crisis cell, ensuring disciplined communications and handoffs as defined in the CSIR crisis process.

Metrics & Reporting:

Establish, track, and improve KPIs/SLAs (e.g., MTTD, MTTR, containment time, PIR completion) and present status in monthly business reviews and dashboards.

Playbooks, Use Cases & Lessons Learned:

Ensure playbooks/response procedures are current and threat informed; feed PIR insights back into detections, SOAR workflows, and control hardening in partnership with platform engineering and detection teams.

Cross Functional Orchestration:

Coordinate with CDOC other products (CTI, Redteam, Monitoring) and Legal/Privacy, Comms, and business/IT/Cloud owners; align to the SOC Target Operating Model and service catalogue.

Threat Informed Response:

Consume and task Cyber Threat Intelligence and threat hunting to guide scoping, IOCs, and hypotheses; ensure bidirectional feedback between CTI, Red Team, and CSIRT.

Tooling & Case Management:

Ensure consistent use of the cyber security incident/case platform and evidence handling procedures; maintain audit ready documentation and artifacts.

Vendor & Retainer Oversight:

Govern Cyber Security IR retainer(s) and MSSP engagements; validate service performance and integration with internal processes.

Compliance & Governance:

Ensure incident handling aligns with Stellantis policy, applicable regulations, and internal governance boards; prepare materials for audits, PIRs, and leadership readouts (per SOC governance and crisis documentation).

Sample Duties:

Direct major cyber security incident bridges, integrate SMEs, and ensure timely executive updates per crisis process; confirm accurate status tracking and next actions. Oversee investigations (host/network/cloud), evidence handling, and scoping; validate containment/eradication and business recovery while maintaining audit‑ready documentation. Run post‑incident reviews and feed structured improvements into playbooks/use cases and control posture, track remediation to closure. Report KPIs/SLAs and risk themes in monthly reviews; align resourcing and tooling roadmaps to findings. Coordinate with CTI for threat‑informed scoping and proactive hunts; ensure bi‑directional intel sharing and IOC packages. This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.

Qualifications Basic Qualifications:

Bachelor's degree in Cybersecurity, Computer Science, or related field. 5+ years in SOC / Cyber Security Incident Response roles with 2+ years managing cyber security incident response teams or programs in large, distributed enterprises. Demonstrated leadership during high/critical incidents and familiarity with crisis management communications per established escalation matrices. Hands on knowledge of SIEM/SOAR, EDR, network security monitoring, IA detection & Response tools/ framework and cloud/identity telemetry; strong grasp of attacker TTPs and enterprise hardening. Experience operating to structured IR frameworks (e.g., NIST style lifecycle) and running formal after action/lessons learned cycles integrated with use case/playbook updates. Excellent written/oral communication, stakeholder management, and executive reporting skills; comfortable presenting in MBRs and steering forums.

Preferred Qualifications:

Prior leadership within a

CSIRT/CSOC

supporting multiple regions and product/OT security stakeholders.

Certifications :

GCIH, GCFA/GNFA, GCIA, CISSP, OSCP

(or comparable). Experience with threat‑informed defense (MITRE ATT&CK), KPI/SLA governance, and MSSP/retainer management. Familiarity with worldwide privacy/security obligations and incident communication expectations in regulated, multi‑jurisdictional environments (in partnership with Legal/Privacy).

Essential Skills & Competences:

Crisis Leadership:

Decisive command in high pressure situations, with disciplined adherence to escalation and executive comms playbooks.

Operational Excellence:

KPI driven mindset; ability to translate PIR insights into upgraded detections, controls, and automations.

Collaboration & Influence:

Build strong relationships across CSOC, PSOC, CTI, Red Team, platform engineering, and business/IT owners.

Communication:

Clear incident narratives, timelines, and executive one pager; ability to brief senior leadership succinctly. Benefits Salaried Employee Benefits (US, Non-Represented) Health & Wellbeing Comprehensive coverages encompassing the Physical, Mental, Emotional, and overall Wellbeing of our employees, including short- and long-term disability. Compensation, Savings, and Retirement Annual Incentive Plan (SAIP), 401k with Employer Match & Contribution (max 8%), SoFi Student Loan Refinancing. Time Away from Work Paid time includes company holidays, vacation, and Float/Wellbeing Days. Family Benefits 12 Weeks paid Parental Leave, Domestic Partner Benefits, Family Building Benefit, Marketplace, Life/Disability and other Insurances. Professional Growth Annual training, tuition reimbursement and discounts, Business Resource & Intra-professional Groups. Company Car & More Comprehensive Company Car Program and Vehicle Discounts. Vehicle discounts include family and friends. EOE/Disability/Veteran At Stellantis, we assess candidates based on qualifications, merit, and business needs. We welcome applications from all people without regard to sex, age, ethnicity, nationality, religion, sexual orientation, disability, or any characteristic protected by law. We believe that diverse teams reflect our identity as a global company, enabling us to better address the evolving needs of our customers and care for our future. Our benefits reflects the

STELLANTIS

commitment to helping you reach your personal and professional goals. In addition to an environment that promotes career development, we offer benefits for a healthy lifestyle and a rewarding future, designed to take care of you and your family, in various stages of life. As a global company, our employee packages will vary by country, customary norms and the legal entity into which you are hired. We care about your privacy. For more information on how your personal data is processed, please read the specific Privacy Statement provided by the respective entities whose job offer you have selected. Apply Join our Talent Community Create a talent profile to receive relevant job alerts and the latest company news! If you're a U.S. Veteran, please sign up through our Veterans Recruiting Program page. Create a Talent Profile Sign into your profile