Senior Manager, Incident Response

Madrigal Pharmaceuticals
$159,000 - $194,000

About The Position

Madrigal is a biopharmaceutical company focused on delivering novel therapeutics for metabolic dysfunction-associated steatohepatitis (MASH), a serious liver disease that can progress to cirrhosis, liver failure, need for liver transplantation and premature mortality. Every member of our Madrigal team is connected by our shared purpose: leading the fight against MASH. Madrigal’s medication, Rezdiffra (resmetirom), is a once-daily, oral, liver-directed THR-β agonist designed to target key underlying causes of MASH. Rezdiffra is the first and only medication approved by both the FDA and European Commission for the treatment of MASH with moderate to advanced fibrosis (F2 to F3). An ongoing Phase 3 outcomes trial is evaluating Rezdiffra for the treatment of compensated MASH cirrhosis (F4c).

Our success is driven by our people. We are building a dynamic, inclusive, and high-performing culture that values scientific excellence, operational rigor, and collaboration. To support our continued growth, we are strengthening our workforce strategy to ensure we have the right talent, at the right time, in the right way.

The Senior Manager, Incident Response leads the organization’s enterprise-wide cyber incident response capability, ensuring rapid detection, containment, and recovery across cloud, identity, endpoint, and SaaS environments. This role combines hands-on technical leadership with program development, driving continuous improvement in response readiness, forensic rigor, and cross-functional coordination to reduce business risk and strengthen organizational resilience. The ideal candidate brings deep expertise in cloud and identity-driven threats, strong investigative discipline, and the ability to translate complex incidents into clear business impact, regulatory implications, and executive-level decisions.

Requirements

  • 8+ years of experience in cybersecurity, with significant hands-on focus in incident response, threat detection, or security operations.
  • Proven experience leading security incident response in cloud-first environments, including Azure, AWS, and Microsoft 365.
  • Strong working knowledge of endpoint detection and response (EDR), SIEM platforms, identity and cloud-native logging, and security tooling.
  • Demonstrated expertise in investigating phishing, credential compromise, business email compromise (BEC), and identity-driven attacks.
  • Solid understanding of attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK.
  • Experience directing or performing digital forensics, incident documentation, and evidence handling in support of legal, regulatory, and compliance requirements.
  • Ability to lead cross-functional response efforts and make sound decisions under pressure during high-severity incidents.
  • Strong written and verbal communication skills, with the ability to translate technical findings into clear, executive-ready summaries and risk-based recommendations.
  • Proven experience acting as an incident commander or senior decision-maker during high-severity security incidents.
  • Demonstrated ability to assess and communicate business and regulatory impact of cyber incidents.

Nice To Haves

  • Experience building, maturing, or scaling an incident response program in complex or regulated environments.
  • Familiarity with regulatory and compliance frameworks such as HIPAA, SOX, FDA, and GDPR, including breach notification and disclosure requirements.
  • Experience leading tabletop exercises, simulations, or crisis management drills involving executive stakeholders.
  • Prior incident commander experience for major security incidents.
  • Background in security automation, SOAR workflows, or response modernization initiatives.
  • Industry certifications such as GNFA, GCIA, GCED, GCIH, CISSP, CISM, CEH, or equivalent.
  • Experience partnering with external incident response firms, cyber insurance providers, or legal counsel during incident response.
  • Experience responding to identity- and SaaS-based attack patterns (e.g., OAuth abuse, token theft).

Responsibilities

  • Lead the organization’s enterprise cyber incident response capability across cloud, identity, endpoint, SaaS, and email environments, ensuring effective detection, containment, eradication, and recovery.
  • Direct technical investigations and forensic activities to determine root cause, scope, and business impact, including risks to sensitive data, intellectual property, and regulated systems, maintaining defensible evidence handling aligned with legal and regulatory requirements.
  • Own the continuous improvement of the incident response program, including readiness, tooling, and alignment to evolving threat and regulatory landscapes.
  • Develop, maintain, and operationalize incident response playbooks, workflows, and tabletop exercises aligned with NIST and MITRE ATT&CK frameworks, including clearly defined escalation paths and decision-making frameworks.
  • Oversee detection and response to phishing, credential compromise, token abuse, and business email compromise, coordinating identity, endpoint, and cloud response actions.
  • Correlate signals across security platforms (EDR, SIEM, identity and cloud telemetry) to identify coordinated or persistent threats and reduce attacker dwell time.
  • Serve as a senior escalation point during high-severity incidents, translating technical findings into business impact, executive-ready communications, and risk-based recommendations.
  • Define and track incident response metrics (e.g., MTTD, MTTR, dwell time, containment effectiveness), lead post-incident reviews, and drive continuous improvement in response effectiveness, resilience, and program maturity.
  • Partner with Security Operations, Engineering, IT, Compliance, Legal, HR, and Communications to align response strategies, remediation efforts, and enterprise risk reduction.

Benefits

  • Madrigal offers a competitive Total Rewards strategy to attract and retain top talent and is inclusive of base pay, bonus, equity, and a generous benefits package.
  • Full-time employees are eligible for base salary, bonus, equity, and a comprehensive benefits suite.
  • Full-time employees are also eligible for comprehensive benefits, including flexible paid time off, medical, dental, vision and life/disability insurance, and 401(k) offerings (i.e., traditional, Roth, and employer match) in accordance with applicable plans.
  • We also offer additional voluntary benefits like supplemental life insurance, legal services, and other offerings.
  • In addition, we offer mental health benefits through our Employee Assistance Program for employees and their family.
  • The company also provides other benefits in accordance with applicable federal, state, and local laws.
  • We are committed to providing reasonable accommodations for individuals with disabilities throughout the hiring process.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

251-500 employees
