CSIRT Manager

Stellantis

Phenix City, AL, USA · Auburn Hills, MI, USA
Posted on Oct 18, 2025

Description:

The CSIRT Manager leads the Cyber Security Incident Response Team (CSIRT), operating within Stellantis’ Cyber Defense Operations Center (CDOC) and in close partnership with several other cybersecurity teams and regional stakeholders. You will own the incident response lifecycle, ensure adherence to Stellantis crisis procedures, drive operational excellence (MTTD/MTTR), and cultivate a high-performing team in a follow-the-sun model.

Stellantis is a global mobility leader with the ambition to deliver clean, safe, and affordable freedom of mobility for all, guided by the Dare Forward 2030 strategy and a commitment to carbon net zero by 2038 (Scopes 1–3) with interim 2030 decarbonization targets. Our portfolio of iconic brands and strong operational performance underpin this transformation into a sustainable mobility tech company.


Key responsibilities:

  • Own the IR Lifecycle & Escalation: Direct the end-to-end response across preparation, detection/analysis, containment, eradication, recovery, and post incident, following
  • Lead & Develop the Team: Manage, mentor, and schedule CSIRT analysts and leads across shifts and on-call rotations within the distributed regional model; drive skills development and readiness.
  • Command During Crises: Serve as Incident Commander for high/critical events and integrate the right SMEs into the crisis cell, ensuring disciplined communications and handoffs as defined in the CSIR crisis process.
  • Metrics & Reporting: Establish, track, and improve KPIs/SLAs (e.g., MTTD, MTTR, containment time, PIR completion) and present status in monthly business reviews and dashboards.
  • Playbooks, Use Cases & Lessons Learned: Ensure playbooks/response procedures are current and threat-informed; feed PIR insights back into detections, SOAR workflows, and control hardening in partnership with platform engineering and detection teams.
  • Cross Functional Orchestration: Coordinate with other CDOC products (CTI, Red Team, Monitoring) and with Legal/Privacy, Comms, and business/IT/Cloud owners; align to the SOC Target Operating Model and service catalogue.
  • Threat Informed Response: Consume and task Cyber Threat Intelligence and threat hunting to guide scoping, IOCs, and hypotheses; ensure bidirectional feedback between CTI, Red Team, and CSIRT.
  • Tooling & Case Management: Ensure consistent use of the incident/case platform and evidence handling procedures; maintain audit-ready documentation and artifacts.
  • Vendor & Retainer Oversight: Govern IR retainer(s) and MSSP engagements; validate service performance and integration with internal processes.
  • Compliance & Governance: Ensure incident handling aligns with Stellantis policy, applicable regulations, and internal governance boards; prepare materials for audits, PIRs, and leadership readouts (per SOC governance and crisis documentation).

Sample Duties:

  • Direct major incident bridges, integrate SMEs, and ensure timely executive updates per crisis process; confirm accurate status tracking and next actions.
  • Oversee investigations (host/network/cloud), evidence handling, and scoping; validate containment/eradication and business recovery while maintaining audit‑ready documentation.
  • Run post‑incident reviews and feed structured improvements into playbooks/use cases and control posture; track remediation to closure.
  • Report KPIs/SLAs and risk themes in monthly reviews; align resourcing and tooling roadmaps to findings.
  • Coordinate with CTI for threat‑informed scoping and proactive hunts; ensure bi‑directional intel sharing and IOC packages.