Cybersecurity Incident Lead

About The Position

Requirements

• 5-8 Years of Experience managing or coordinating the full lifecycle of security incidents in an enterprise environment.
• Proven ability to lead through influence across technical and non-technical teams.
• Excellent written and verbal communication skills and experience briefing senior leadership.
• Experience with security tooling to include but not limited to SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems.
• Strong understanding of security operations workflows, attack techniques, and mitigation strategies.
• Calm, structured decision-making under pressure.

Nice To Haves

• Experiencing building or maturing incident response programs in distributed, multi-org companies.
• Experience using automation to improve incident workflows, response consistency, and follow-through.
• Familiarity with regulatory or privacy considerations in media, healthcare, or regulated environments.

Responsibilities

• Serve as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents.
• Lead incident triage, severity assessment, and escalation to ensure the right stakeholders are engaged quickly.
• Investigate and analyze: examine data from active and historical cases to uncover attack vectors, root causes, and emerging threats. Lead investigations to drive actionable findings and inform response strategies.
• Coordinate containment, eradication, and recovery activities across Security Operations, IAM, SecEng, IT, and business units. Ensure after action reviews are conducted and follow-on plans are implemented.
• Maintain IR playbooks, escalation paths, and communication templates.
• Ensure incidents are handled consistently, efficiently, and in accordance with established response playbooks.
• Own incident communications, including: Situation updates during active incidents Clear post-incident summaries Executive briefings
• Translate technical findings into business impact, risk, and decision-oriented messaging.
• Contribute to recurring security reporting by incorporating incident trends, metrics, and lessons learned.
• Help mature the organization’s incident management framework, including: Incident severity models Roles and responsibilities On-call and escalation procedures
• Lead tabletop exercises and simulations focused on high-risk scenarios such as: Social engineering and identity abuse Data exposure involving public or regulated datasets Cloud misconfiguration and multi-tenant impact

Benefits

• medical
• dental
• vision
• disability and life insurance
• 401(k)
• paid holidays and paid time off
• employee assistance programs