Incident Response Lead

Lead hands-on incident response activities, serving as the primary internal escalation point for security events

Serve as the central incident commander across Security, IT, GRC, and Legal during active incidents

Partner with the SOC to validate alerts, guide investigations, and drive containment and eradication efforts

Conduct host, cloud, and log-based investigations, and coordinate with external forensic firms when needed

Maintain and continuously improve incident response playbooks, escalation procedures, and communication workflows

Lead post-incident reviews and root cause analysis, ensuring remediation actions are clearly defined and tracked

Develop and execute tabletop exercises and incident simulations to test and strengthen response readiness

Partner with GRC and Legal to support breach impact assessments and regulatory notification processes

Drive continuous improvement of detection and response capabilities across SIEM, EDR, cloud monitoring, and identity systems

Own incident metrics and reporting, including response times, trends, and systemic risk reduction initiatives

Participate in an on-call escalation rotation to provide after-hours incident leadership when required

7+ years of experience in incident response, digital forensics, threat detection, or SOC operations

Proven experience leading incident investigations in complex, cloud-native environments

Strong experience conducting host, cloud, and log-based investigations

Hands-on expertise with SIEM platforms, EDR tools, and cloud security monitoring

Experience working with external SOC or MDR providers

Strong understanding of attack frameworks (MITRE ATT&CK) and their application to detection and response

Experience supporting breach response obligations under GDPR, HIPAA, PCI, or similar regulatory frameworks

Excellent communication skills with the ability to coordinate cross-functional stakeholders under pressure

Bachelor’s degree or relevant certifications (GCIH, GCFA, CISSP, or equivalent)