Program Manager, Cybersecurity Incident Response

The Cybersecurity Incident Response Program Manager will manage the investigation and remediation of advanced cyber-attacks for Trinity Industries, Inc. The right candidate will use a deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers to coordinate and manage cybersecurity events. Agility and experience in creating scalable programs for large environments is highly desired.

The Cybersecurity Incident Response Program Manager is a positive, flexible, self-starter requiring minimal supervision who excels in a fast-paced environment. This position requires deep analytical skills as well as a robust understanding of technology, tools, and incident response and recovery processes. Candidates must be comfortable creating and maintaining formal documentation of policies, processes, and procedures across multiple disciplines. Communication skills are critical with the ability to verbalize and provide documentation to both technical and non-technical audiences. Successful candidates will be detail-oriented with the ability to multi-task effectively while mentoring and advising other team members and acting as a subject matter expert for all aspects of incident response.


  • Coordinate the design, build, and day-to-day operations of the cybersecurity incident response program
  • Monitor, detect, identify, and investigate computer and network intrusions
  • Identify suspicious and malicious activity in a global/multi-national heterogeneous network environment and respond appropriately, including:
    • Managing SIEM events and responding to alerts
    • Reading and understanding network traffic capture files
    • Monitoring and analysis of network and IDS information
    • Log collection, analysis, correlation, and alerting
    • Identification of suspicious/malicious activities
    • Identification and tracking of malicious code
    • Technical analysis of malware and exploit code
  • Fluent in network and application data flows and architectures
  • Develop and maintain in-depth knowledge and hands-on experience with computer network security techniques and best practices
  • Stay current with and remain knowledgeable about new threats
  • Analyze attacker tactics, techniques and procedures (TTPs) from security events across a large network of security devices and end-user systems
  • Collaborate with other Cybersecurity and IT professionals to assess potential impact of incidents and recommend containment and recovery actions
  • Act as Incident Response subject matter expert (SME) and coordinate response actions across multiple teams with a global footprint
  • Deliver actionable metrics and reporting for operations and leadership transparency


  • Bachelor’s Degree or equivalent work experience
  • 5+ years of incident response and information security experience
  • Technical experience in at least three of the following areas:
    • SIEM technologies
    • Network Security Monitoring (NSM), network traffic analysis, and log analysis
    • Static and dynamic malware analysis
    • One or more scripting languages (e.g., Python, PowerShell, etc.)
    • Cloud platform security
    • Thorough understanding of enterprise security controls in Active Directory / Windows environments
  • Ability to quickly and concisely communicate with senior management on technical issues in non-technical terms and to run large conference calls during Incident calls with a wide range of personnel and management levels.
  • Ability to plan, organize, prioritize, and work independently to meet deadlines
  • Ability to generate and maintain formal program and process documentation

Preferred Qualifications:

  • GCIA, GCIH, CISSP or other relevant certifications

EEO Employer

Trinity provides equal employment and affirmative action opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability. View the EEO is the Law poster here and its supplement here. The pay transparency policy is available here. Trinity participates in E-Verify, details here.

Trinity is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to This email address should only be used for accommodations and not general inquiries or resume submittals.

Job ID : 2200744

More Information

Apply for this job

Leave your thoughts