CSIRT Lead

Sandvik Cybersecurity Incident Response Team (SAND-CSIRT) is seeking a CSIRT Lead to join our team of defenders. Leading the team in handling complex cybersecurity incidents globally across the company and further develop our capabilities to safeguard Sandvik. And when we say globally, we literally mean every corner of the world.
The CSIRT is part of our Cybersecurity Defense Centre, which also include our Sandvik SOC team and a Cybersecurity Architect team. All three teams work closely together with the same goal - secure Sandvik by handling cybersecurity incidents from detection to recovery.
About the job
You’re part of the team that finds the entry point of an attack, figuring out what was exposed and if any data was extracted and together you constantly evaluate our attack-surface and how to protect Sandvik in the best possible way.
In this role, you’re:
· leading the team in developing our capabilities to secure Sandvik.
· continuously developing the roadmap for the CSIRT team.
· ensuring incident response processes, guidelines and infrastructure are adequately documented and maintained.
· part of the team leading the technical work with complex and long running incidents.
· together with the team, developing new tools as well as adapting current tools; helping us perform our detection and respond quicker and better.
· together with the team developing ways to prevent cyber related encounters that we can get affected by or just don’t want to have.
· collaborating with our stakeholders in security matters, ensuring that incident response plan is up to date
· taking lead in setting up exercises to ensure that we can manage any relevant threat to the organization. and ensuring that processes are updated, accessible and adhered to.
The location for this position is either Stockholm or Sandviken, Sweden.
Who you are
We’re looking for someone with extensive experience from incident handling combined with a proven track record of automation and a drive for continuous improvements. Your background includes working hands-on within the cybersecurity area and preferably within an enterprise IT environment. You also have experience from a leading role within a team (for example, team-leader, technical lead, leading projects etc.).
To be successful in this role, you also need experience or knowledge in/of:
· security incident management (preferably in a CSIRT)
· maintaining, updating and produce process and guidelines-documentation, roadmaps
· documenting tooling and infrastructure
· stakeholder management
· the ITIL framework
· technical solutions like Firewalls, Switches and Active Directory structures
· various operating systems such as Windows or Linux
· excellent English skills, verbal and written.
While it’s a plus if you have:
· familiarity with common protocols found in enterprise environments as well as common solutions for collaboration, client and server platforms, identity and networking
· experience from different cloud environments
· programming and scripting skills
· an IT degree or the equivalent experience gained from work.
Your personality truly makes the difference! You’re a curious individual with a drive to develop our capabilities and at the same time advance yourself both personally and professionally. Your drive and curiosity inspire other, and you tend to find yourself in a leading role, informal if nothing else. Being an excellent communicator and team player, you truly believe in collaboration, but at the same time you’re also independent and self-going. You’re used to work in an ever-changing environment, and are able to multitask, work with agility and navigate ambiguity and at a high rate of change.
Our Sandvik culture
At Sandvik, we live by our purpose “Make the Shift – and advance the world through engineering”. We have a clear objective of being a leader within digital solutions for the industries we serve, and we focus on growing our digital offering to help our customers become more productive. Our sustainability goals include becoming more than 90 percent circular by 2030 and reducing greenhouse gas emissions to meet the goals of the Paris Agreement. To achieve this, we keep striving for an even more diverse and inclusive organization – because we're sure that differences improve our business and create a culture of innovation. By acting in line with our core values Customer Focus, Innovation, Fair Play, and Passion to Win, we make Sandvik a great place to work! Learn more about our business by visiting our website, LinkedIn or Facebook.
Application
This position has an ongoing selection process, please send your application as soon as possible but no later than October 1, 2022. Read more about Sandvik Group and apply at home.sandvik/career (Job ID: R0044161).
As we aim for an open and fair recruitment process, we utilize assessment tools to safeguard objectivity. When you apply for this job, you’ll therefore get an invitation via email to a personality and logic ability test. After completed test you’ll receive feedback and the selection process starts after the application deadline.
Contact information
For further information about this position, please contact:
Daniel Häggquist, recruiting manager, +46 (0)72 235 32 80
Union contacts - Sweden
Malena Rackner, Unionen, +46 (0)26 262 748
Göran Norell, Akademikerföreningen, +46 (0) 26 26 65 74
Peter Olsson-Andrée, Ledarna, +46 (0)26 26 19 84

For more information about the recruitment process, please contact HR Services, +46 (0)26 261 444.
Recruitment Specialist
Therese Rutqvist
Sandvik is a global high-tech engineering group offering solutions that enhance productivity, profitability and sustainability for the manufacturing, mining and infrastructure industries. We are at the forefront of digitalization and focus on optimizing our customers’ processes. Our world-leading offering includes equipment, tools, services and digital solutions for machining, mining, rock excavation and rock processing as well as advanced materials. In 2021 the Group had approximately 44,000 employees and revenues of about 99 billion SEK in about 150 countries.