Security Incident Management (SIM) Lead

Job Title:

Location:

Job Type:

Shift:

Department:

Position Summary:

The Security Incident Management (SIM) Lead is responsible for leading the end-to-end response to cybersecurity incidents, ensuring containment, root cause analysis, and recovery. This role oversees the incident response lifecycle, coordinates cross-functional teams during active incidents, and drives improvements in preparedness and resilience.

Key Responsibilities:

• Incident Response Leadership

• Lead and coordinate responses to security incidents, including triage, investigation, containment, and remediation.
• Act as the primary incident commander for high-severity security events.
• Manage post-incident reviews and ensure timely root cause analysis and lessons learned.

• Team Management & Collaboration

• Lead a team of incident responders and analysts (internal or external SOC teams).
• Collaborate with stakeholders across IT, Legal, Risk, Compliance, and Executive teams during and after incidents.

• Process Development & Improvement

• Maintain and improve the Security Incident Response Plan (SIRP).
• Ensure incident handling procedures are well-documented, tested, and regularly updated.
• Conduct table-top exercises and simulations.

• Threat Intelligence & Detection

• Work with threat intelligence teams to correlate incidents with known threats and vulnerabilities.
• Partner with security engineering and SOC to enhance monitoring and alerting.

• Compliance & Reporting

• Ensure incident documentation aligns with regulatory requirements (e.g., HIPAA, GDPR, NIST, ISO 27001).
• Prepare executive-level summaries and incident impact assessments.
• Support audit and compliance requests related to incident response.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 5+ years of experience in cybersecurity, with at least 2 years in a lead or senior incident response role.
• Strong understanding of common attack vectors, malware behaviors, threat hunting, and forensic analysis.
• Familiarity with frameworks such as NIST 800-61, MITRE ATT&CK, and SANS IR methodology.
• Hands-on experience with SIEM, EDR, and SOAR tools (e.g., Splunk, CrowdStrike, Palo Alto Cortex).
• Excellent communication and leadership skills under pressure.

Preferred Qualifications:

• Relevant certifications (e.g., GCIH, GCIA, CISSP, CISM, CEH).
• Experience in regulated industries (finance, healthcare, energy).
• Exposure to cloud-native environments (AWS, Azure) and container security.

Key Competencies:

• Strategic thinking during crisis
• Strong analytical and problem-solving skills
• Cross-team collaboration and influence
• Commitment to continuous improvement and learning