LastPass

LastPass manages your passwords and online life, so you don’t have to.

Director, Security Operations

Security Operations | Full Time | Remote | Lead | Team 501-1,000 | Since 2008 | H1B No Sponsor

Location

United Kingdom

Posted

9 days ago

Salary

0

Seniority

Lead

Bachelor Degree | English | Cloud | Python

Job Description

  • Own and drive the strategy, roadmap, and maturation of LastPass's Security Operations function - translating the threat landscape into a multi-year program plan that scales with the business
  • Lead all response operations across the full incident lifecycle, from detection and triage through containment, eradication, recovery, and post-incident review
  • Build, develop, and retain a high-performing team of analysts and engineers - setting clear performance expectations, career development pathways, and a culture of operational excellence
  • Partner with the CISO, Legal, and Communications to manage high-severity incidents, coordinating executive response and fulfilling regulatory notification obligations
  • Define and own detection and response program metrics, SLAs, and reporting frameworks - providing the CISO and board with clear, evidence-based visibility into program maturity and risk posture
  • Champion the integration of AI-assisted triage, automation pipelines, and Detection-as-Code methodologies to reduce analyst toil and drive down mean-time-to-respond
  • Establish and maintain strategic relationships with external partners - including threat intelligence vendors, law enforcement, and industry information-sharing groups - to strengthen LastPass's situational awareness
  • Collaborate across Business Technology, Cloud Security, and Platform Engineering to ensure cohesive detection coverage and coordinated response capability across the full technology estate

Job Requirements

  • Proven experience in security operations, including senior leadership ownership of an incident response or cyber defense function at scale
  • Proven ability to build, lead, and develop high-performing security teams - including managing through managers - in a fast-paced, high-stakes environment
  • Advanced, hands-on knowledge of the CSIRT/SOC discipline: digital forensics, threat intelligence, malware analysis, network analysis, or incident handling across cloud-native and hybrid infrastructure
  • Expert-level command of security frameworks including MITRE ATT&CK, NIST CSF, and the SANS incident response lifecycle, with demonstrated application in real-world program design
  • Proven track record of engaging executive leadership, legal counsel, and external stakeholders during major security incidents, including regulatory and board-level communication
  • Strategic thinker who can translate complex threat landscapes into clear program priorities and communicate risk in business terms to non-technical audiences
  • Operates with calm authority under pressure - able to drive decisive, coordinated action during high-severity incidents while sustaining team morale and stakeholder confidence
  • Builds influence across organizational boundaries, driving security outcomes through cross-functional alignment without relying on positional authority
  • Experience in the password management, identity security, or SaaS security product domain (it's great, but not required)
  • Background in red team operations, adversary simulation, or threat hunting as a complement to defensive program leadership (it's great, but not required)
  • Proficiency in Python or PowerShell to drive automation and accelerate detection and response workflows, or experience managing teams and programs who perform these functions (it's great, but not required)

Benefits

  • Competitive compensation
  • Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
  • Parental leave
  • Comprehensive health coverage, including dependents
  • Home office setup support
  • LastPass Families free account for up to 5 members
  • Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
  • Peer-to-peer recognition through Motivosity
  • Employee Assistance Program for well-being support
  • Remote work stipend to support your home office needs
  • Short-Term or Remote-Centric Work Arrangements for added flexibility

More Security Operations Jobs

Lead Security Engineer – Incident Response Defensive Operations

CrowdStrike

CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?

Full Time | Remote | Team 5,001-10,000 | Since 2011 | H1B Sponsor

Role Description

The Incident Response Defensive Operations (IRDO) team is seeking a highly experienced, technically strong Lead Security Engineer to drive the design, development, and evolution of our Cybersecurity Incident Response capabilities. This role is intended for a hands-on leader who operates at the intersection of incident response, detection engineering, and security architecture. You will partner closely with Incident Response, and the Threat Detection and Engineering (TIDE) teams to build scalable solutions that improve detection, response, and containment across the enterprise.

In addition to leading high-impact engineering initiatives, you will play a critical role in shaping strategy, defining technical standards, and ensuring the IR program can effectively defend against evolving threats. As part of this role, you will also be a key contributor to the CSIRT Defense Profiling program, driving improvements in detection coverage, response capability, and defensive maturity across core domains including email, applications, networks, and endpoints.

What You'll Do:

  • Lead the design and implementation of scalable incident response capabilities, including detection, containment, and response automation.
  • Architect and develop advanced automation frameworks to reduce response time, eliminate manual effort, and improve consistency across IR workflows.
  • Identify systemic gaps in detection, visibility, and response capabilities; drive engineering efforts to close them.
  • Own and deliver complex, cross-functional initiatives that enhance IR tooling, telemetry, and operational effectiveness.
  • Partner closely with TIDE to define detection requirements, improve signal quality, and operationalize new detections within IR workflows.
  • Establish and enforce engineering standards, best practices, and design patterns for IR tooling and automation.
  • Contribute to and help evolve the CSIRT Defense Profiling program, including modeling detection and response coverage across key attack surfaces.
  • Serve as the EU-based lead for CSIRT activities subject to data sovereignty constraints, directly supporting investigations that require EU presence and designing processes, controls, and automations to ensure compliant handling, analysis, and storage of sensitive data.
  • Provide technical leadership and mentorship to engineers and analysts, elevating overall team capability.
  • Act as a senior escalation point for complex incidents requiring deep technical expertise or custom response solutions.
  • Continuously evaluate emerging threats, tools, and techniques to ensure IR capabilities remain effective and forward-looking.

Qualifications

  • Bachelor’s Degree (or equivalent experience) in Computer Science, Cybersecurity, or a related field.
  • 7+ years of experience in cybersecurity engineering, incident response, or detection engineering (or equivalent combination of education and experience).
  • Proven experience designing and building security tooling, automation, or detection systems at scale.

Requirements

  • Strong experience with incident response processes, including detection, triage, containment, and remediation.
  • Deep understanding of operating systems (macOS, Linux, Windows), networking, and attacker tradecraft.
  • Hands-on experience building automation using tools such as TINES, SOAR platforms, AWS Lambda, or custom scripting frameworks.
  • Experience integrating and leveraging SIEM/XDR platforms (e.g., Splunk, LogScale, Falcon, etc.).
  • Ability to translate operational needs into scalable technical solutions and architectures.
  • Strong software engineering fundamentals (clean code, modular design, maintainability).
  • Excellent problem-solving skills with the ability to operate in complex, ambiguous environments.
  • Strong communication skills with the ability to influence technical and non-technical stakeholders.
  • Ability to lead initiatives, align cross-functional teams, and drive outcomes independently.
  • High level of ownership, accountability, and attention to detail.

Bonus Points:

  • Strong scripting or programming experience (e.g., Python, Go, PowerShell, Bash).
  • Experience with detection engineering frameworks (e.g., MITRE ATT&CK) and coverage modeling.
  • Familiarity with attack surface management concepts and methodologies.
  • Experience with cloud security (AWS, GCP, Azure) and modern infrastructure environments.
  • Experience mentoring or leading engineers in a technical environment.
  • Familiarity with data sovereignty and privacy frameworks (e.g., GDPR) and their impact on incident response operations.
  • Relevant security certifications (e.g., GCIA, GCIH, CISSP).

Benefits

  • Market leader in compensation and equity awards.
  • Comprehensive physical and mental wellness programs.
  • Competitive vacation and holidays for recharge.
  • Paid parental and adoption leaves.
  • Professional development opportunities for all employees regardless of level or role.
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections.
  • Vibrant office culture with world class amenities.
  • Great Place to Work Certified™ across the globe.

Germany
Job Closed

SecOps Engineer

Upstart

Our mission is to enable effortless credit based on true risk.

Full Time | Remote | Team 1,001-5,000 | Since 2012 | H1B Sponsor

  • Work closely with system owners to ingest new log feeds for security monitoring
  • Enhance and maintain our Detection and Response platforms
  • Build in workflows with AI analysis to automatically investigate and triage issues
  • Be on the frontlines of Incident Response, actively investigating issues and protecting Upstart
  • Build common response workflows to expedite investigation and response using AI and SOAR Technology

United States
$111.9K - $155K / year
Full Time | Remote | Team 51-200 | Since 2007 | H1B No Sponsor

  • Manage onboarding activities for logging systems
  • Collaborate with stakeholders to ensure successful integration
  • Troubleshoot and resolve issues related to log ingestion
  • Document and report on coordination activities
  • Participate in process standardization initiatives

Spain

Director, Cyber Security Operations and Threat Management

Berkshire Hathaway

Jazwares, a division of Berkshire Hathaway, is a global toy company providing a range of products from well-known brands like Squishmallows, Pokémon, Hello Kitty, Star Wars, and D

Title: Director, Cyber Security Operations and Threat Management
Location: Plantation, Florida, 33324, United States
Department: Information Technology

Job Description:

The Director for Security Operations and Threat Management is a strategic and technically-grounded lead of our information security team, performing duties through processes and procedures necessary to ensure the safety of information systems and applications on premise and in the cloud. This role assists with protecting the confidentiality, integrity, and availability of company and customer data. This role is the primary architect of our defense-in-depth strategy, overseeing the teams (internal and external) responsible for detecting, neutralizing, and preventing cyber threats. You will bridge the gap between high-level security strategy and hands-on operational excellence, ensuring our global infrastructure—on-prem and cloud—remains resilient against an ever-evolving threat landscape. In addition, the Director manages and monitors various security systems/tools and supports the assessment of system security controls. The ideal candidate is a "leader-doer" who can manage the security of a complex environment while remaining sharp enough to deep-dive into an incident response bridge or a cloud architecture review.

What You Will Do:

  • Build and maintain a world-class Threat Intelligence program to pivot from reactive to proactive defense.
  • Serve as the ultimate escalation point for high-priority security incidents, leading the Incident Response (IR) team through containment, eradication, and recovery.
  • Establish regular threat-hunting cadences to identify dormant or sophisticated actors within the environment.
  • Stay abreast of the latest threats and analyze the impact to the Jazwares environment
  • Manage the 24/7 Security Operations Center (MSSP) to ensure high-fidelity alerting and low Mean Time to Resolve (MTTR).
  • Own the security stack (SIEM, EDR, XDR, SOAR). Ensure tools are integrated, automated, and providing maximum ROI rather than just generating "noise."
  • Drive a "Detection as Code" philosophy to automate repetitive tasks and manual investigative steps.
  • Be the custodian of all security tools such as PAM, Email Security, Backup and Recovery, etc.
  • Provide technical leadership and oversight to security operations activities and initiatives
  • Participate in business continuity and disaster planning
  • Provide guidance and support on security issues to other departments
  • Ensure all software within the network has adequate security measures in place
  • Propose metrics and prepare reports to show current security posture
  • Monitor system events, log files, and alerts
  • Cloud Governance: Define security guardrails for AWS/Azure/GCP environments, focusing on IAM, VPC security, and serverless protection.
  • Partner with DevOps to integrate security checks into CI/CD pipelines (DevSecOps).
  • Engineering Excellence: Lead the design and deployment of scalable security solutions that support business growth without introducing friction.
  • Provide technical leadership and oversight to security engineering activities and initiatives
  • Harden systems for cyber resilience
  • Oversee the end-to-end vulnerability management process, from discovery and risk-based prioritization to remediation tracking.
  • Move beyond simple patching to manage the "attack surface," including external digital footprints and shadow IT.
  • Collaborate with Enterprise Architects to ensure security is "baked in" to new product builds and internal migrations.
  • Lead the transition toward a Zero Trust Architecture, focusing on identity-centric security and micro-segmentation.
  • Determine security requirements and security controls for new systems
  • Develop and maintain architectural diagrams
  • Coach team members and manage work plan on assigned projects
  • Any other tasks assigned by Manager

Leadership Responsibilities:

  • Manages People: Yes

What We Are Looking For:

  • Minimum 8 years of experience within Information Security
  • At least 3 years of experience in Threat Management and Security Operations
  • At least one of the following certifications required: CISSP, CCSP, CASP+, any SANS GIAC or equivalent is preferred
  • AWS certifications such as “AWS Certified Security - Specialty” highly desired
  • Thorough understanding of the following areas: Threat Management, Security Operations, Application Security, Cloud Security, Data Security, Endpoint Security, Network Security, and User Access Security
  • Knowledge of security frameworks and standards such as NIST CSF, ISO27000, and/or CIS
  • Self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.
  • Ability and desire to take ownership of multiple tasks and responsibilities.
  • Experience designing or implementing an enterprise level Security Program

What we offer:

The base salary may vary based on experience, role tenure, performance, industry, and location. Eligibility for the annual performance incentive may apply. Jazwares is a multi-state employer, so the salary range may not apply to other states.

Our benefits package includes basic medical insurance that is 100% company-paid for employees and their children, employee basic life and AD&D insurance, a 401(K) retirement program with Jazwares matching up to 4% of pretax or post-tax deferrals, short and long-term disability, and tuition reimbursement. Our work environment provides a flexible work schedule that includes a Monday through Thursday on-site, with an optional WFH on Fridays, up to 20 workdays fully remote each year, and Time Off for vacation and sick leave. Through Jazwares Cares, you will have the opportunity to volunteer for up to 16 hours a year on community service projects.

Working at Jazwares

At Jazwares, we believe an innovative idea can come from anywhere and anyone. Through our three pillars, we foster innovation and encourage creativity in every area of our business.

  • Passion: Our conviction and enthusiasm show in our products, relationships, and commitment to our community.
  • Collaboration: We share one vision worldwide, constantly striving to improve and innovate together.
  • Humility: We recognize the value in others and treat everyone with respect.

Our strength lies in our people and talent. Don't miss out on this extraordinary opportunity to be part of the fastest-growing toy company in the industry. Connect with us today, and let's shape the future of play together!

JAZWARES is an equal opportunity employer and does not discriminate in employment on the basis of race, color, sex, religion, national or ethnic origin, citizenship status, ancestry, disability, age, military status, marital status, sexual orientation, or any other characteristic protected by law. Jazwares is committed to providing reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities.

Who We Are

Jazwares, a Berkshire Hathaway company, is a leading global toy manufacturer with a robust portfolio of owned and licensed brands. Founded in 1997, Jazwares celebrates imaginative play with a progressive focus on identifying new and relevant trends to transform into high-quality products for consumers of all ages. Jazwares engages consumers through innovative play experiences with popular brands such as Squishmallows™, Pokémon™, Hello Kitty™, Star Wars™, Disney™, BumBumz™, and Adopt Me™. In addition to toys, offerings include virtual games, costumes, and pet products. Headquartered in Plantation, Florida, Jazwares has offices worldwide and sells its products in over 100 countries. For more information, visit www.jazwares.com and follow us on LinkedIn, X, Instagram, and Facebook.

Recruitment Safety

Please be wary of unsolicited communications from individuals or websites you are not familiar with, or any communications requesting sensitive personal data or information. All official Jazwares employment information will come from our company email ending in @jazwares.com. Jazwares will never request any monetary payments at any point during its hiring process. If you have any questions about any unsolicited communications, you can reach out to jazlegal@jazwares.com. We look forward to you experiencing a safe and enjoyable application process at Jazwares!

Florida