Director of Incident Response

HUMAN
New York, NY

About The Position

Human is seeking an experienced security leader to lead our global incident response and investigations function. In this role, you will be accountable for how the organisation prepares for, detects, and responds to security incidents that impact HUMAN, our service ventures, partners, and customers. You will partner closely with engineering, infrastructure, legal, and business stakeholders to drive timely, high-quality incident handling and continuous improvement of our detection and response capabilities. As a member of a small team, you will also flex into adjacent security areas, including GRC, product security, and corporate security, wherever needed.

Location: USA East Coast or UK

Requirements

  • Experienced security leader with 8+ years in information security, at least 5 years focused on incident response, intrusion analysis, or security operations, and 3+ years leading major programs or cross-functional initiatives.
  • Demonstrated subject matter expertise in incident response, intrusion analysis, incident handling, malware analysis, or digital forensics, with deep knowledge of attacker techniques and detection strategies.
  • Strong background in security operations and forensics, including how to investigate complex incidents across endpoints, networks, cloud services, and identities.
  • Proven experience designing and refining incident response procedures and mitigation strategies based on post-incident analysis and lessons learned.
  • Practical scripting or coding experience (for example, Python, shell, regular expressions, APIs) to automate analysis, enrich alerts, and integrate tools and data sources, with a genuine interest in enabling automation for others.
  • Hands-on Linux systems experience and familiarity with securing applications and data across modern infrastructure stacks.
  • Experience operating in cloud environments and working with Infrastructure as a Service platforms such as AWS, GCP, or Azure, including their native security services.
  • Comfortable working with technologies such as SIEM, EDR, SOAR, IDS/IPS, and cloud native logging and monitoring.
  • Strong communication and stakeholder management skills, including the ability to clearly explain complex technical issues and influence senior leaders toward security-minded decisions.
  • High degree of adaptability and comfort with ambiguity, with the ability to prioritise and execute in dynamic, high-pressure situations and tight timelines.
  • Demonstrated ability to solve complex problems while collaborating effectively with a globally distributed, tight-knit team.
  • Understanding of governance, risk, and compliance frameworks, including ISO 27001, ISO 27701, SOC 2, and PCI DSS, and experience supporting external audits or certification efforts.

Responsibilities

Lead global incident response

  • Lead incident response end-to-end, providing both strategic direction and hands-on support during high-severity events.
  • Own the full incident lifecycle – preparation, detection, triage, containment, eradication, recovery, and post-incident review – with clear roles, runbooks, and communication plans.
  • Serve as, or appoint, the Incident Response Commander (IRC) for major incidents, directing the Cyber Security Incident Response Team (CSIRT) through technical investigation and remediation.
  • Develop and run regular tabletop exercises and simulations with Security, IT, Engineering, Legal, People, and Customer Operations to validate readiness and drive improvements.

Build and automate security operations

  • Design, implement, and tune detections across our technology stack (endpoint, network, cloud, SaaS, identity) and drive proactive threat hunting programs.
  • Analyse existing and emerging threats, turning threat intelligence and trends into concrete detection use cases, playbooks, and clear risk narratives for leadership.
  • Continuously improve automation and orchestration, evolving detection, enrichment, and response workflows using scripting and AI-assisted approaches to reduce time to detect and time to contain.
  • Facilitate automation for others by enabling Security, IT, and Engineering teams with reusable workflows, integrations, and well-documented patterns rather than one-off scripts.
  • Own relationships with MDR, SOC, and other security operations vendors, ensuring playbooks and runbooks are tuned to HUMAN’s threat model.
  • Partner with engineering and cloud platform teams to enhance security monitoring and response across IaaS, PaaS, and SaaS environments.

Own governance, risk, and compliance for incident response

  • Review and draft security policies, standards, and standard operating procedures that support effective incident response, business continuity, and crisis communications.
  • Act as a key owner for incident-related controls across ISO 27001, ISO 27701, SOC 2, and PCI DSS, including evidence collection, walkthroughs, and responses to auditors and customers.
  • Contribute to the enterprise risk assessment by identifying, analysing, and helping remediate risks related to incident detection, response, and continuity.
  • Support broader GRC activities when they intersect with incident response, such as control design, risk register maintenance, and customer assurance work.

Flex across security domains

  • Collaborate with Product Security, Corporate Security, and IT on endpoint, identity, and other corporate SaaS security initiatives that improve visibility and response across the company.
  • Step into adjacent security projects as needed, owning clear outcomes even when work extends beyond traditional incident response responsibilities.

Collaborate and represent security

  • Own the incident communication plan for internal and external audiences, in coordination with the Security Committee, Legal, Customer Support, and Marketing, including law enforcement engagement where appropriate.
  • Work directly with customers, prospects, and auditors to explain our incident response posture, answer questionnaires, and support RFPs and due diligence.
  • Provide concise, executive-ready updates and recommendations to senior leadership during and after significant events.
  • Define and report metrics that demonstrate the effectiveness and maturity of the incident response program, such as time to detect, time to contain, recovery time, incident trends, and control coverage.

Documentation and continuous improvement

  • Develop and maintain documentation for incident response processes, custom tooling, detections, and playbooks to ensure repeatability and resilience.
  • Drive lessons learned and post-incident reviews that translate into concrete changes in controls, tooling, and processes.

Benefits

  • Comprehensive total rewards package for personal and professional development, including well-being and learning stipends, flexible work options, and dedicated time off.