Incident Response Lead - Remote

Strada
New York, NY
$120,190 - $223,210
Remote

About The Position

Strada is seeking a highly skilled and motivated Incident Response Lead to join our cybersecurity team. This individual will serve as the operational backbone of how Strada handles incidents and ensures Strada is prepared to respond effectively to cybersecurity incidents. This is an individual contributor leadership role with significant cross-functional influence. The right person for this role brings structure and rigor to complex situations, drives timely decisions, and helps restore services safely and quickly without waiting for a playbook to be handed to them. This role will strengthen Strada’s incident response readiness by maturing processes, playbooks, escalation paths, exercises, and cross-functional operating mechanisms. You will be a self-starter who turns ambiguity into practical, repeatable operating mechanisms and moves work forward without waiting for detailed direction. The role will partner closely with the SOC Leads, who own monitoring operations, detection engineering, alert triage processes, SIEM management, and SOC team performance.

Requirements

  • Have 5+ years of experience in incident management, with direct experience leading high-severity cybersecurity incidents in complex, global, or distributed environments.
  • Have built or significantly shaped an incident response program, ideally in an environment where you had to create structure rather than inherit it.
  • Demonstrate a strong sense of ownership and urgency, with the ability to operate independently and make sound decisions under pressure without waiting for direction.
  • Are comfortable working in unprecedented situations where processes are still being defined and guidance may be incomplete or conflicting, leaving things better than you found them.
  • Have a track record of effective cross-functional collaboration, particularly with technology, product, security, legal, communications, and executive leadership.
  • Have experience with cloud infrastructure incidents and enough technical depth across the stack to engage meaningfully with technology teams during response, including comfort navigating distributed systems, monitoring tools, and logs.
  • Are analytically minded, with experience using data (incident metrics, queries, trend analysis) to inform decisions during response and to drive operational improvements over time.
  • Excellent communication skills with the ability to communicate clearly and calmly under pressure, both in real-time coordination and in post-incident written communications.
  • A strong record as a self-starter: you anticipate needs, identify gaps, set priorities, and drive work to completion with limited direction.
  • Strong process-design and documentation skills, including process mapping, runbook development, workflow design, and translating lessons into repeatable operating practices.
  • Proven coaching, facilitation, and change-enablement skills, with the ability to raise the capability and confidence of technical and non-technical stakeholders.
  • Strong knowledge of incident response methodologies and frameworks, including NIST SP 800-61, the SANS incident response lifecycle, and MITRE ATT&CK.
  • Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience.

Nice To Haves

  • Relevant certifications such as CISSP, GCIA, or equivalent are a plus.

Responsibilities

  • Lead Cybersecurity Incident Response: Act as incident lead for major cybersecurity incidents, establishing severity, objectives, workstreams, decision rights, communication cadence, and escalation paths.
  • Direct the end-to-end response through validation and scoping, containment, eradication, recovery, and closure, maintaining a clear record of timelines, decisions, actions, and owners.
  • Coordinate security, infrastructure, cloud, identity, network, application, vendor, and business teams to restore affected services safely and validate operational stability and residual risk.
  • Provide concise, timely situation reports and decision recommendations to executives and stakeholders, translating technical findings into business impact and required actions.
  • Partner with Legal, Privacy, Risk, Communications, Human Resources, Business Continuity, and customer-facing teams to meet regulatory, contractual, insurance, notification, and crisis communication obligations.
  • Build readiness for incidents: Own and mature incident response by establishing processes, enhancing tooling, and defining operational standards for handling incidents at scale.
  • Continually improve the incident response framework, major-incident plans, escalation criteria, call trees, and response and recovery playbooks, including clear handoffs with other teams.
  • Design and facilitate tabletop exercises and simulations to test technical readiness, decision-making, communications, and recovery arrangements.
  • Perform incident readiness activities, and support additional cybersecurity initiatives as needed in a dynamic global corporate environment.
  • Coach and enable the organization: Provide expert guidance on complex incidents and mentor responders, analysts, and technical stakeholders in effective incident management practices.
  • Lead post-incident reviews, assign and track corrective actions, and ensure lessons learned improve controls, architecture, detections, response capability, and operational resilience.

Benefits

  • Competitive salary and benefits package.
  • Flexible working arrangements.
  • Professional development and career growth opportunities.
  • Health coverage.
  • Wellbeing programs.
  • Paid leave (vacation, sick, parental).
  • Retirement plans.
  • Learning opportunities.