SOC Incident Response Manager

• Lead, mentor, and manage a global team of 6-10 Security Operations Center Incident Responders, fostering a culture of excellence and continuous improvement
• Oversee and direct incident response functions, ensuring adherence to established playbooks and best practices across diverse computing environments
• Drive strategic initiatives to enhance incident detection, containment, and eradication capabilities
• Lead and support in-depth triage and investigations of urgent cyber incidents
• Manage team performance, conduct regular reviews, and facilitate career development for direct reports
• Ensure the team effectively performs host-based analytical functions (e.g., digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix-based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
• Oversee the creation and tracking of metrics based on the MITRE ATT&CK Framework and other standard security-focused models, using these to drive continuous improvement
• Lead collaboration with application and infrastructure stakeholders to identify key components and information sources such as various environments (on-premises versus other distributed systems), servers, workstations, middleware, applications, databases, logs, etc.
• Direct incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities
• Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents
• Direct the documentation and presentation of investigative findings for high-profile events and other incidents of interest to senior leadership
• Lead and participate in readiness exercises such as purple team, table tops, etc.
• Develop and implement training programs for junior and mid-level colleagues on relevant best practices and advanced incident response techniques
• Act as a key escalation point for critical incidents and provide expert guidance to the team

• Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
• 10+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability
• 5+ years hands-on working in cyber incident response and investigations, with at least 3 years in a leadership or management capacity, overseeing medium to large global teams, with exposure to various computing environments including cloud and traditional infrastructure
• Proven experience in leading, mentoring, and developing technical teams
• Demonstrated expertise or oversight in Dev/Sec/Ops practices within various computing environments
• Deep understanding and experience with common services and platforms from a security and incident response perspective
• Proven experience leading or directing forensic investigations or large-scale incident response efforts across diverse environments
• Strong understanding and strategic leadership in containerization methods and tools (e.g., Docker, Kubernetes), including incident response and digital forensics considerations
• Advanced certifications (e.g., GIAC, CISSP) in security or equivalent expertise
• Demonstrated ability to lead teams in analyzing and pivoting through large data sets during incident investigations
• Extensive experience in leading digital forensics (e.g., computer, network, mobile device forensics, and forensic data analysis) activities
• Multiple advanced GIAC (e.g., GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications
• Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge
• Proficient in basic scripting and automation of tasks (e.g., C/C++, PowerShell, JavaScript, Python, bash, etc.)
• Excellent verbal and written communication skills for presenting complex technical information to both technical and non-technical audiences, including senior management
• Proven ability to build and maintain strong relationships with internal and external stakeholders
• Sound judgment and decision-making skills under pressure during critical security incidents
• Advanced analytical and problem-solving skills to guide the team through complex technical challenges
• Ability to adapt to rapidly changing threat landscapes and evolving technologies
• Working knowledge of networking protocols and infrastructure designs
• including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
• Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
• Working knowledge of virtualization products (e.g., VMware Workstation)
• Must have flexibility to work outside of normal business hours when necessary to lead incident response efforts

Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience

• medical, dental & vision coverage
• 401(k)
• life, accident, and disability insurance
• wellness programs
• paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
• discretionary and formulaic incentive and retention awards