Job
Description
Key Responsibilities: • Incident Response Leadership Lead and coordinate responses to security incidents, including triage, investigation, containment, and remediation. Act as the primary incident commander for high-severity security events. Manage post-incident reviews and ensure timely root cause analysis and lessons learned. • Team Management & Collaboration Lead a team of incident responders and analysts (internal or external SOC teams). Collaborate with stakeholders across IT, Legal, Risk, Compliance, and Executive teams during and after incidents. • Process Development & Improvement Maintain and improve the Security Incident Response Plan (SIRP). Ensure incident handling procedures are well-documented, tested, and regularly updated. Conduct table-top exercises and simulations. • Threat Intelligence & Detection Work with threat intelligence teams to correlate incidents with known threats and vulnerabilities. Partner with security engineering and SOC to enhance monitoring and alerting. • Compliance & Reporting Ensure incident documentation aligns with regulatory requirements (e.g., HIPAA, GDPR, NIST, ISO 27001). Prepare executive-level summaries and incident impact assessments. Support audit and compliance requests related to incident response. Required Qualifications: • Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). • 5+ years of experience in cybersecurity, with at least 2 years in a lead or senior incident response role. • Strong understanding of common attack vectors, malware behaviors, threat hunting, and forensic analysis. • Familiarity with frameworks such as NIST 800-61, MITRE ATT&CK, and SANS IR methodology. • Hands-on experience with SIEM, EDR, and SOAR tools (e.g., Splunk, CrowdStrike, Palo Alto Cortex). • Excellent communication and leadership skills under pressure. Preferred Qualifications: • Relevant certifications (e.g., GCIH, GCIA, CISSP, CISM, CEH). • Experience in regulated industries (finance, healthcare, energy). • Exposure to cloud-native environments (AWS, Azure) and container security. Key Competencies: • Strategic thinking during crisis • Strong analytical and problem-solving skills • Cross-team collaboration and influence • Commitment to continuous improvement and learning
