Summary:
We are seeking an experienced Incident Response Lead to serve as the technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. This role leads investigations, coordinates response efforts, and drives continuous improvement of incident response capabilities within a Security Operations Center (SOC).
Key Responsibilities:
• Lead the full incident response lifecycle, including detection, containment, eradication, recovery, and post-incident analysis.
• Act as lead investigator for high-severity incidents, managing scope, timelines, and technical decisions.
• Coordinate response efforts with cloud, network, identity, and system teams during active incidents.
• Provide clear, timely updates to technical leadership during ongoing response activities.
• Validate indicators of compromise, attack paths, and persistence mechanisms.
• Ensure proper evidence handling and documentation.
• Develop, maintain, and improve incident response playbooks and workflows.
• Lead readiness activities such as tabletop exercises and threat-hunting planning.
• Mentor SOC analysts and support technical skill development across the team.
Required Qualifications:
• 10–12 years of cybersecurity experience, including 6+ years in incident response or digital forensics roles.
• Demonstrated leadership during major cybersecurity incidents impacting cloud environments.
• Strong expertise in digital forensics, SIEM analysis, endpoint detection tools, and network fundamentals.
• Deep knowledge of incident response frameworks and adversary tactics.
• Strong communication skills with the ability to lead effectively under pressure.
• Authorization to work in the United States and ability to obtain required access authorization.
Preferred Qualifications:
• Industry-recognized incident response or forensic certifications.
• Experience maturing SOC operations and incident response programs.
• Experience mentoring technical responders and leading cross-functional efforts.