Detection and Response Manager, Tempus Technologies

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).
• CCSP, CISSP, GCIA, GCIH, GCFA, CySA+ or equivalent certifications.
• 5+ years of experience leading security operations, incident response, digital forensics, or security engineering.
• Demonstrated ability to lead incident response activities from detection through containment, eradication, recovery, and post incident review.
• Experience performing root cause analysis, log analysis, and threat investigation.
• Exposure to compliance frameworks such as PCI DSS, SOC 2, HIPAA, and FedRAMP.
• Strong understanding of cybersecurity fundamentals, including networking, operating systems, endpoint security, cloud security, and identity access management.
• Hands-on experience with SIEM platforms (e.g., Elastic, Splunk), EDR tools, IDP/IPS, and other monitoring technologies.
• Expertise with incident handling methodologies and frameworks such as NIST 800 61, ISO 27035, and MITRE ATT&CK.
• Proficiency in incident management tools and ticketing systems (e.g., Jira, ServiceNow).
• Excellent ability to translate technical details into clear, actionable communication for both technical and non-technical stakeholders.
• Strong communication and interpersonal skills with the ability to manage stressful situations.
• Strong organizational skills with the ability to prioritize and manage multiple concurrent incidents and tasks.
• Excellent problem-solving, analytical, and decision-making skills.
• At least 3 years of prior management experience is typically required.
• In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

• Access Control (AC)
• Building Architecture
• Customer Solutions
• Disaster Recovery Planning
• Information Security
• Network Security
• Physical Security
• Risk Assessments
• Security Technologies
• Data Governance
• Information Assurance
• Information Security Management
• Information Security Technologies
• IT Environment
• IT Standards, Procedures & Policies
• Knowledge of Organization

Responsibilities

• Lead day‑to‑day Detection and Response activities, ensuring timely detection, triage, investigation, and response to security events.
• Ensure 24/7 incident response readiness by maintaining and managing the on‑call rotation, including scheduling, escalation paths, and service‑level expectations.
• Serve as the owner for incident response execution, including initial containment, escalation, incident declaration, and forensic coordination.
• Act as the primary technical lead and liaison during high‑severity incidents, collaborating with Infrastructure, Engineering, Legal, and Executive leadership.
• Oversee the development, tuning, and continuous improvement of SIEM detections, alerting logic, and correlation rules.
• Drive integration of internal and external Threat Intelligence to enhance visibility and detection capabilities.
• Produce operational metrics and performance reporting focused on detection coverage, MTTD/MTTR, case handling quality, and tooling efficacy.
• Evaluate and implement new technologies, integrations, and automation opportunities to reduce manual workload and enhance response capabilities.
• Own and maintain incident response playbooks, SOPs, escalation paths, and response frameworks.
• Ensure regulatory, contractual, and internal stakeholder notifications are initiated and documented when required.
• Manage post-incident activities, including after-action reviews, corrective actions, and measurable improvements.
• Lead readiness activities such as tabletop exercises, red/blue/purple team scenarios, and simulation‑based training.
• Ensure incident response posture aligns with organizational risk appetite, audit requirements, and industry best practices.
• Direct and mentor analysts in investigations, incident handling, and operational processes.
• Execute staffing decisions, performance evaluations, onboarding, and the professional development pipeline for analysts.
• Identify operational gaps and recommend technical or process improvements to mature the detection and response program.
• Champion a culture of continuous improvement, documentation discipline, and analytical excellence.

Benefits

• medical/prescription drug coverage (with a Health Savings Account feature)
• dental and vision options
• employee and spouse/child life insurance
• short and long-term disability protection
• 401(k) with PNC match
• pension and stock purchase plans
• dependent care reimbursement account
• back-up child/elder care
• adoption, surrogacy, and doula reimbursement
• educational assistance, including select programs fully paid
• a robust wellness program with financial incentives
• maternity and/or parental leave
• up to 11 paid holidays each year
• 9 occasional absence days each year, unless otherwise required by law
• between 15 to 25 vacation days each year, depending on career level; and years of service