Overview
Job Summary: The Incident Response Lead is responsible for driving the containment and eradication of threats during cyber security events and following through with supporting remediation efforts post events within a fast-paced and dynamic environment in effort to restore normal secure service delivery. This individual will act as a liaison between technical teams and leadership, ensuring effective communication and alignment on cybersecurity priorities. This role will require attention to detail, ability to organize and document information, and in-depth knowledge of cyber security processes to support the global organization through complex and high-pressure incidents.
Core Skills & Knowledge
- Capture detailed notes and deliver precise, accurate reports to stakeholders during high-pressure scenarios, ensuring all action items are effectively communicated and delegated to the Cyber Defense team or partners for execution; throughout the lifecycle of an incident.
- Advanced understanding of incidents: how they are categorized, to respond to them, and to collect/ preserve evidence of them for documentation and reporting.
- Experience in the application of available tooling to defend against cyber threats and hardened existing systems against further attacks
- Experience in response to at least one public cloud vendor (e.g.: AWS. GCP, Azure, etc)
- Experience in response to a variety of systems types and applications
- Must be willing to work an on-call rotation
- Excellent analytical and problem-resolution skills
Key Responsibilities
- Collect evidence from cyber events and utilize data to build a complete chain of events from initial access through eradication and recovery phases
- Advise and coordinate with Incident Commander by providing trusted expert advice to support the successful conclusion of a cyber incident
- Receive and analyze signals from numerous sources to determine possible causes of alerts
- Conduct, document and report postmortem lessons learned that contribute to the improvement of the team and the organization's cyber program.
- Develop and communicate reports on Cyber Defense TTPs, guidance, and incident findings to various stakeholders.
- Advise and collect forensically sound artifacts for inspection to support cyber incidents
- Engage with both technical and non-technical stakeholders in a professional manner both internally and externally to the business on sensitive cyber security issues.
- Develop training and exercises to promote both team and organizational development to improve delivery during incidents, through the creation and conduction of tabletops and workshops.
- Work as part of a global team.
- Be the Incident Response SME.
Desired Qualifications and Traits
- Bachelor\'s degree in Computer Science, Information Security, or a related field.
- 5+ years of experience in Cyber Security Operations type role
- 3+ years of experience specifically in Incident Response type roles that performed event investigations,
- Excellent communication skills, with experience delivering executive-level briefings and reports.
- Solid understanding of cybersecurity principles, including incident response, policy governance, and compliance requirements.
- Experience with security tools such as SIEMs, IDS/IPS, DLP, and vulnerability management platforms.
- Strong organizational, time-management, and leadership skills.
Preferred Skills and Certifications
- Certifications: CISSP, GCIH, GCFA, CySA+
- Experience working in large, global enterprises with complex technical infrastructures.
- Knowledge of audit frameworks and regulatory compliance requirements (e.g., SOX, GDPR, PCI DSS).
- Familiarity with cloud security architectures and tools (e.g., AWS, Azure, GCP).
- Exceptional ability to remain calm and focused during high-stress situations.
- Solid problem-solving and conflict management skills.
- A collaborative team player who thrives in a global, cross-functional environment.
This role is ideal for a seasoned cybersecurity professional with a passion for leading technical projects, fostering team alignment, and delivering results in a dynamic and complex enterprise environment.
#J-18808-Ljbffr