Thrasio is the consumer goods company reimagining omnichannel commerce and consumer products, and boasts an innovation engine that brings high-quality products to market across digital marketplaces, channels, and retailers globally.
With the experience of evaluating more than 6,000 Amazon companies, acquiring over 130 top-rated brands, and managing the scale of 22,000 products, Thrasio is the largest acquirer of Amazon FBA brands. Since our founding in 2018, the team has grown to more than 1,000 people globally--most of that growth has occurred during the COVID-19 pandemic. Hiring people who share a passion for their craft in the eCommerce space is the reason were projected to grow more than 10x in the next few years. This growth is supported by investors whose portfolios include Facebook, Google, Jet.com, StitchFix, and Lululemon. We do our best work when were surrounded by people who are insatiably curious, agile, and who thrive in collaborative, check-your-ego-at-the door working environments. Sound like you? Wed love to chat.
We are looking for a CyberSecurity Operations Manager to build cyber defense controls and manage security operations to protect Thrasio from cyber threats. In this role, you will manage security operations and vulnerability management of infrastructure, platforms and applications. You will work with key IT and business stakeholders to conduct technical analysis and respond to security issues, as well as threats and incidents, vulnerability assessments and remediation, security investigations, end user protection and third-party security incident investigations.
- Lead and manage all security operations for the organization
- Lead and manage business resiliency and the incident response lifecycle; coordinate incident response
- Develop and implement monitoring capabilities
- Develop and implement strategies to reduce operational risk
- Conduct red team/blue team/purple team exercises
- Drive and manage the vulnerability assessment and asset management lifecycle
- Work closely with the CyberSecurity Engineering team to establish a regular cadence for internal and external penetration testing for all products and cloud-hosted applications
What You Bring to the Party:
- Bachelor's degree in Information Security, Computer Science or related field preferred
- 7 years of experience in Cyber Security, Security Operations, Monitoring and Response
- Minimum of 5 years of experience in managing Incident Response and Vulnerability Management (experience leading high-pressure incidents (e.g. data breaches) a plus)
- Demonstrated experience applying security and risk frameworks, and regulations such as NIST CSF/800-53/800-171, Cyber Kill Chain, MITRE ATT&CK, OWASP, CSA, etc.
- Deep technical knowledge and experience in SIEM, threat intelligence platforms, vulnerability assessment tools, Cloud platforms, EDR, Cyber threats and attack vectors, exploitation methods, IOC and TTP's, Infrastructure and Application security in a distributed environment
- Experience in Threat modeling, Threat hunting and intelligence, Incident Response Tabletop exercise, and process automation
- Proven ability to build partnerships and collaboration between stakeholder teams
- Strong communication skills and ability to outline security risks to senior leadership
- Certifications: Information Security certifications (CISSP, SANS GIAC, CISA, etc.)
- Strong background in technical engineering and architecture, such as infrastructure/cloud engineering or software development
- Experience managing security vendors and managed services providers
- Experience in Cyber Security Architecture, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security and Governance
- Experience working in a fast-paced, high-tech, and customer obsessed environment
- Demonstrated leadership, team management, and decision-making skills
- Ability to manage and participate in an on-call rotation performing weekend and after-hours support
Not sure you check every box?
Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folx tend only to apply if they meet 100% of the qualifications. At Thrasio, we need people who think rigorously and arent afraid to challenge assumptions, so were looking for diverse perspectives, as long as you meet the minimum criteria.
Youre encouraged to apply even if your experience doesnt precisely match the job description. Join us!
THRASIO IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER AND CONSIDERS ALL QUALIFIED APPLICANTS FOR EMPLOYMENT WITHOUT REGARD TO RACE, COLOR, RELIGION, SEX, GENDER, SEXUAL ORIENTATION, GENDER IDENTITY, ANCESTRY, AGE, OR NATIONAL ORIGIN. FURTHER, QUALIFIED APPLICANTS WILL NOT BE DISCRIMINATED AGAINST ON THE BASIS OF DISABILITY, PROTECTED CLASSES, OR PROTECTED VETERAN STATUS. THRASIO PARTICIPATES IN E-VERIFY.
Thrasio does not accept agency resumes. Please do not forward resumes to our jobs alias, Thrasio employees or any other organization location. Thrasio is not responsible for any fees related to unsolicited resumes.