Incident Manager - Detection & Response

About The Position

Requirements

• Have 7+ years of experience in technical program management, incident management, or security operations, with significant time spent in a detection & response or security incident response context.
• Have led or built incident response programs at a technology company, ideally in a high-growth or security-intensive environment.
• Have a demonstrated track record of turning incident data into organizational improvements—not just writing post-mortems, but driving the cross-functional work to implement systemic fixes.
• Are comfortable participating in on-call responsibilities and leading incident response during high-severity security events, including off-hours.
• Have experience building and scaling operational processes from the ground up in environments where structure didn’t previously exist.
• Excel at driving accountability and follow-through across multiple teams without direct authority—you know how to influence, track, and close the loop.
• Have strong analytical skills and experience with incident trend analysis, metrics reporting, and data-driven prioritization.
• Are highly organized with a knack for bringing structure to ambiguous, fast-moving situations.
• Have excellent communication skills, especially under pressure and when coordinating across technical and non-technical stakeholders, including executive leadership.
• Thrive in fast-paced environments where priorities shift and you’re often working with incomplete information.

Responsibilities

• Own the end-to-end D&R incident management program: detection workflows, response processes, escalation paths, communication standards, and remediation tracking.
• Serve as incident commander for security incidents, driving clear coordination across executive, engineering, security, legal, and other appropriate stakeholders.
• Establish and run incident commander rotations within D&R, ensuring clear ownership and effective coordination during incidents of varying severity.
• Drive post-incident accountability by defining how action items are captured, assigned, tracked, and completed across teams—ensuring follow-through on both tactical fixes and strategic improvements.
• Gather, analyze, and report on incident trends and patterns to surface systemic risks, recurring root causes, and areas where the organization is most vulnerable.
• Translate trend analysis into actionable cross-functional initiatives: partner with engineering, infrastructure, security, and product teams to prioritize and implement broad fixes and preventive improvements that address root causes rather than symptoms.
• Lead incident review forums (post-mortems, retrospectives) and ensure learnings are captured, socialized, and acted upon across the organization.
• Develop and maintain D&R incident response documentation, playbooks, runbooks, and training materials; keep them current as the threat landscape and our systems evolve.
• Partner with detection engineering to improve alert fidelity, reduce noise, and shorten time-to-detection for security events.
• Define, develop, and track incident management KPIs and report regularly to D&R and Security leadership.
• Support broad cross-functional training and initiatives to uplevel security awareness across the company (e.g. Tabletop exercises, training, talks).

Benefits

• competitive compensation and benefits
• optional equity donation matching
• generous vacation and parental leave
• flexible working hours
• a lovely office space in which to collaborate with colleagues