Apply on Employer Site

Stellantis · 3 days ago

CSIRT Manager

Auburn Hills, MI

Full-time

Onsite

Senior Level

5+ years exp

Stellantis is a global mobility leader with the ambition to deliver clean, safe, and affordable freedom of mobility for all. The CSIRT Manager will lead the Cyber Security Incident Response Team, overseeing the incident response lifecycle and ensuring operational excellence while mentoring a high-performing team.

AutomotiveIndustrial ManufacturingRetailTransportation

H1B Sponsor Likely

Responsibilities

Own the IR Lifecycle & Escalation: Direct the end-to-end response across preparation, detection/analysis, containment, eradication, recovery, and post incident, following

Lead & Develop the Team: Manage, mentor, and schedule CSIRT analysts and leads across shifts and on call rotations within the distributed regional model; drive skills development and readiness

Command During Crises: Serve as Incident Commander for high/critical events and integrate the right SMEs into the crisis cell, ensuring disciplined communications and handoffs as defined in the CSIR crisis process

Metrics & Reporting: Establish, track, and improve KPIs/SLAs (e.g., MTTD, MTTR, containment time, PIR completion) and present status in monthly business reviews and dashboards

Playbooks, Use Cases & Lessons Learned: Ensure playbooks/response procedures are current and threat informed; feed PIR insights back into detections, SOAR workflows, and control hardening in partnership with platform engineering and detection teams

Cross Functional Orchestration: Coordinate with CDOC other products (CTI, Redteam, Monitoring) and Legal/Privacy, Comms, and business/IT/Cloud owners; align to the SOC Target Operating Model and service catalogue

Threat Informed Response: Consume and task Cyber Threat Intelligence and threat hunting to guide scoping, IOCs, and hypotheses; ensure bidirectional feedback between CTI, Red Team, and CSIRT

Tooling & Case Management: Ensure consistent use of the incident/case platform and evidence handling procedures; maintain audit ready documentation and artifacts

Vendor & Retainer Oversight: Govern IR retainer(s) and MSSP engagements; validate service performance and integration with internal processes

Compliance & Governance: Ensure incident handling aligns with Stellantis policy, applicable regulations, and internal governance boards; prepare materials for audits, PIRs, and leadership readouts (per SOC governance and crisis documentation)

Direct major incident bridges, integrate SMEs, and ensure timely executive updates per crisis process; confirm accurate status tracking and next actions

Oversee investigations (host/network/cloud), evidence handling, and scoping; validate containment/eradication and business recovery while maintaining audit‑ready documentation

Run post‑incident reviews and feed structured improvements into playbooks/use cases and control posture, track remediation to closure

Report KPIs/SLAs and risk themes in monthly reviews; align resourcing and tooling roadmaps to findings

Coordinate with CTI for threat‑informed scoping and proactive hunts; ensure bi‑directional intel sharing and IOC packages

Qualification

Incident Response ManagementCybersecurity LeadershipSIEM/SOAR KnowledgeCrisis ManagementKPI/SLA GovernanceThreat IntelligenceCloud SecurityOperational ExcellenceCommunication SkillsCollaboration

Required

Bachelor's degree (or equivalent experience) in Cybersecurity, Computer Science, or related field

5+ years in SOC/IR roles with 2+ years managing incident response teams or programs in large, distributed enterprises

Demonstrated leadership during high/critical incidents and familiarity with crisis management communications per established escalation matrices

Hands on knowledge of SIEM/SOAR, EDR, network security monitoring, IA detection & Response tools/ framework and cloud/identity telemetry; strong grasp of attacker TTPs and enterprise hardening

Experience operating to structured IR frameworks (e.g., NIST style lifecycle) and running formal after action/lessons learned cycles integrated with use case/playbook updates

Excellent written/oral communication, stakeholder management, and executive reporting skills; comfortable presenting in MBRs and steering forums

Preferred

Prior leadership within a CSIRT/CSOC supporting multiple regions and product/OT security stakeholders

Certifications : GCIH, GCFA/GNFA, GCIA, CISSP, OSCP(or comparable)

Experience with threat‑informed defense (MITRE ATT&CK), KPI/SLA governance, and MSSP/retainer management

Familiarity with worldwide privacy/security obligations and incident communication expectations in regulated, multi‑jurisdictional environments (in partnership with Legal/Privacy)

Benefits

Comprehensive Health & Well-being Coverage

Family Building Benefit

Generous Paid Time Off

Competitive Retirement Savings Plans

Income Protection & Insurance Options

Company Vehicle Lease Program

Support for Your Growth and Giving Back

Company

Stellantis

Glassdoor3.7

Stellantis is an Franco-Italian-American automotive holding company that manufactures automobiles.

Founded in 2021

Hoofddorp, Noord-Holland, NLD

10001+ employees

https://www.stellantis.com/

H1B Sponsorship

Stellantis has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (2)

2024 (3)

2023 (2)