Incident Response Manager

About The Position

Requirements

• 7+ years of cybersecurity experience with at least 3 years focused on incident response, digital forensics, threat hunting, or cyber defense operations.
• Demonstrated experience leading complex incident response engagements from initial detection through recovery.
• Experience managing project teams, mentoring technical staff, and coordinating cross-functional stakeholders.
• Strong leadership, decision-making, and risk management capabilities.
• Excellent communication skills with the ability to present technical findings to executive and non-technical audiences.
• Ability to manage competing priorities and multiple concurrent engagements.
• Strong understanding of networking, operating systems, identity systems, cloud technologies, and cybersecurity principles.
• Experience utilizing SIEM platforms such as Splunk, Elastic, Microsoft Sentinel, or FortiSIEM.
• Experience utilizing EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, or Carbon Black.
• Proficiency with scripting and automation using PowerShell, Python, Bash, or similar technologies.
• Strong documentation and report-writing capabilities.
• Willingness to travel approximately 15% or more as required.

Nice To Haves

• Expert knowledge of Windows, Linux, Active Directory, Microsoft Entra ID, Microsoft 365, AWS, Azure, and Google Cloud environments.
• Advanced understanding of attacker tactics, techniques, and procedures (MITRE ATT&CK).
• Experience leading enterprise-scale ransomware investigations and recovery efforts.
• Experience coordinating legal counsel, cyber insurance carriers, law enforcement, and third-party stakeholders during incidents.
• Experience developing incident response programs, tabletop exercises, and cyber resilience strategies.
• Experience managing consulting engagements and project financials.
• Experience building and managing cybersecurity teams.
• Relevant certifications such as GCFA, GCIH, GCED, GREM, GCTD, CISSP, CCSP, CISM, AWS Security Specialty, or Azure Security Engineer Associate.

Responsibilities

• Serve as the primary client-facing leader during major cybersecurity incidents.
• Lead multiple concurrent incident response engagements involving ransomware, data breaches, insider threats, cloud compromises, and advanced threat actor activity.
• Provide executive-level briefings to CISOs, CIOs, legal counsel, executive leadership, boards of directors, and other stakeholders.
• Direct forensic investigations, threat hunting activities, containment efforts, eradication plans, and recovery operations.
• Review and approve technical findings, investigation reports, executive summaries, and client deliverables.
• Coordinate internal and external resources to ensure successful engagement execution and client outcomes.
• Ensure investigations meet legal, regulatory, and evidentiary requirements.
• Develop and maintain incident response methodologies, playbooks, procedures, and service offerings.
• Lead and mentor Incident Response consultants and senior staff through coaching, technical guidance, and performance feedback.
• Assist with recruiting, onboarding, and professional development of team members.
• Support business development efforts through proposal development, scoping, client presentations, and strategic discussions.
• Identify opportunities to expand client relationships and deliver additional cybersecurity services.
• Contribute to thought leadership through whitepapers, webinars, conference presentations, and market-facing content.

Benefits

• Comprehensive total rewards package
• Career Coach
• Inclusive culture that values diversity