At Compass, our mission is to help everyone find their place in the world. Founded in 2012, we’re revolutionizing the real estate industry with our end-to-end platform that empowers residential real estate agents to deliver exceptional service to seller and buyer clients.

WHO YOU ARE (QUALIFICATIONS & ATTRIBUTES):

• Experienced Leader & Practitioner: Bachelor’s degree in a relevant field or equivalent practical experience. 7+ years in cybersecurity, with 4+ years directly focused on hands-on Incident Response and/or Digital Forensics. 2+ years managing/leading technical teams, with demonstrated success in team growth through mentoring and coaching.
• Technically Proficient: Deep understanding of IR lifecycle, cyber kill chain, MITRE ATT&CK, modern attacker exploits, and persistence techniques. Strong knowledge of operating systems, networking, and security infrastructure (SIEM, EDR, Forensics tools). Well-versed in event analysis/triage.
• Domain Expertise: Demonstrate strong understanding in several of the following: Web Application Security, Cloud Infrastructure Security (AWS, GCP preferred), Network Security, Operating System Security, Identity and Access Management (IAM), including Okta, SaaS Security.
• Investigative & Analytical: Enjoy the challenge of investigation, possess strong analytical and problem-solving skills, and have the ability to analyze and correlate across large datasets to drive remediation.
• Automation Focused: You take an automation-first approach and understand leveraging automation to address security challenges at scale.
• Strong Communicator: Excellent ability to communicate complex technical concepts clearly and concisely to both technical and non-technical audiences.
• Collaborative & Empathetic: You are empathetic, accountable, and build trust. You foster psychological safety and inclusivity and excel at working across multiple departments.
• Strategic & Proactive: Ability to prioritize team investments based on business goals and risk, proactively identify areas for growth and efficiency, and operate effectively in a fast-paced, public company environment.
• Incident Command Presence: Proven experience leading as an Incident Commander during significant events.

PREFERRED QUALIFICATIONS:

• Master’s degree in a relevant field.
• Relevant industry certifications (e.g., CISSP, GCIH, GCFA, GCFE, GNFA, GREM, CHFI).
• Experience applying AI/ML concepts to security use cases.
• Experience with Security Orchestration, Automation, and Response (SOAR) platforms.
• Proficiency in scripting languages (e.g., Python, PowerShell).
• Familiarity with compliance frameworks (e.g., SOX, PCI-DSS, GDPR, CCPA).

PERKS THAT YOU NEED TO KNOW ABOUT:

Participation in our incentive programs (which may include eligible cash, equity, or commissions). Plus paid vacation, holidays, sick time, parental leave, and recharge leave; medical, tele-health, dental and vision benefits; 401(k) plan; flexible spending accounts (FSAs); commuter program; life and disability insurance; Maven (a support system for new parents); Carrot (fertility benefits); UrbanSitter (caregiver referral network); Employee Assistance Program; and pet insurance.

• Hands-On Leadership & Strategy: Develop, implement, and continuously improve the strategic roadmap for IR and Forensics, while actively participating in day-to-day operations, investigations, and response activities.
• Team Development & Mentorship: Lead, mentor, coach, and develop a high-performing team through regular feedback and 1:1s, while fostering a collaborative environment. Grow and train multiple Incident Commanders within the organization.
• Detection & Response Enhancement: Lead and contribute to detection and response capabilities, focusing on creating high-fidelity alerts and developing automated responses and runbooks for repeated events.
• Incident Response Lifecycle Management: Own, refine, and participate in the end-to-end IR process (preparation, detection, analysis, containment, eradication, recovery, post-mortem) ensuring consistency, rigor, and adherence to frameworks across the company, subsidiaries, and joint partnerships.
• Incident Command: Serve as a primary Incident Commander (IC) during significant security incidents, demonstrating calm, clear coordination and decision-making, while also developing this capability in others.
• Digital Forensics & Investigation: Oversee and perform digital forensics activities across various platforms. Personally engage in challenging investigations to identify root cause and drive impactful responses, analyzing and correlating large, diverse datasets.
• Post-Mortem & Improvement Cycle: Drive a rigorous post-mortem process focused on thorough root cause analysis and actionable remediation plans. Conduct regular assessments of detection and response controls to improve security posture and prevent regression.
• AI Integration & SOC Optimization: Champion and guide the utilization of AI/ML techniques to improve threat detection, automate response, reduce analyst fatigue, and optimize SOC staffing/resource allocation. Collaborate closely with the Security Detection Engineers.
• Automation & Telemetry: Drive an automation-first approach to IR and forensics tasks. Enhance and drive telemetry around the company platform and leveraged technologies to improve visibility and detection.
• Collaboration & Partnership: Partner effectively with other information security teams, SOC, Threat Intelligence, Engineering, IT, Legal, Compliance, and business units to improve operational capabilities, provide preventative control feedback, and ensure alignment during incidents.
• Communication & Reporting: Clearly communicate technical findings, security vulnerabilities, and remediation techniques in an accessible way to diverse audiences, including executive leadership. Define and report on KPIs for IR effectiveness.