Cyber Incident Management Lead

About The Position

Requirements

• US Citizenship required
• Master of Science degree in IT, Information Security, or related field
• 10+ years in incident response/security operations/penetration testing
• 5+ years managing IR teams
• Strong knowledge of malware analysis, forensics, threat intel, and adversary TTPs
• Certifications: CEH, EC-Council Licensed Penetration Tester, EC-Council Certified Security Analyst (mandatory)
• Ability to obtain and maintain a Public Trust clearance

Responsibilities

• Lead and coordinate enterprise cybersecurity incident response activities in support of the Cybersecurity Incident Response Team (CSIRT).
• Manage incident response operations for cybersecurity events affecting enterprise infrastructure, applications, systems, and cloud environments.
• Review, maintain, and update the Enterprise Incident Response Plan and supporting Standard Operating Procedures (SOPs) to ensure alignment with federal and organizational requirements.
• Direct incident response efforts including triage, containment, eradication, recovery, and post-incident remediation activities.
• Coordinate with internal stakeholders, third-party vendors, security teams, and leadership during cybersecurity incidents to ensure effective communication and response execution.
• Conduct annual incident response exercises, tabletop events, and testing activities to validate operational readiness and improve response capabilities.
• Perform incident information gathering, analysis, distribution, and stakeholder notification activities in accordance with established response procedures and reporting timelines.
• Develop and publish incident reports, executive summaries, after-action reports, lessons learned, and remediation recommendations following cybersecurity events.
• Lead penetration testing, red team, purple team, adversary emulation, and breach-and-attack simulation activities to assess and improve the organization’s security posture.
• Develop and maintain penetration testing concepts of operations, rules of engagement, test plans, and standard operating procedures.
• Coordinate penetration testing activities including onboarding, active assessments, vulnerability validation, findings analysis, remediation tracking, and patch verification.
• Integrate incident response and penetration testing activities with vulnerability management, threat modeling, continuous monitoring, event detection, and compliance reporting processes.
• Track and report incident response and penetration testing metrics, trends, findings, and remediation activities to cybersecurity leadership and stakeholders.
• Support continuous improvement of incident management, threat detection, and cyber defense capabilities through collaboration with security operations, engineering, and compliance teams.

Benefits

• 3 weeks of Personal Leave your first year
• 11 paid Holidays each year
• 5 days of Flexible Time Off each year for approved training or certifications (self-study is ineligible)
• 401(k) company match at 50% up to 10% of your salary
• Medical, Dental and Vision Insurance
• Life and Disability Insurance
• Public Transportation Subsidies
• Certifications and Training Allowance - Up to $5,000/year!