Incident Response Lead

Job Summary:

Summary

The Incident Response Lead is responsible for driving the containment and eradication of threats during cyber security events and following through with supporting remediation efforts post events within a fast-paced and dynamic environment in effort to restore normal secure service delivery. This individual will act as a liaison between technical teams and leadership, ensuring effective communication and alignment on cybersecurity priorities. This role will require attention to detail, ability to organize and document information, and in-depth knowledge of cyber security processes to support the global organization through complex and high-pressure incidents.

Core Skills & Knowledge

• Capture detailed notes and deliver precise, accurate reports to stakeholders during high-pressure scenarios, ensuring all action items are effectively communicated and delegated to the Cyber Defense team or partners for execution; throughout the lifecycle of an incident.
• Advanced understanding of incidents: how they are categorized, to respond to them, and to collect/ preserve evidence of them for documentation and reporting.
• Experience in the application of available tooling to defend against cyber threats and hardened existing systems against further attacks
• Experience in response to at least one public cloud vendor (e.g.: AWS. GCP, Azure, etc)
• Experience in response to a variety of systems types and applications
• Must be willing to work an on-call rotation
• Excellent analytical and problem-resolution skills

Key Responsibilities

• Collect evidence from cyber events and utilize data to build a complete chain of events from initial access through eradication and recovery phases
• Advise and coordinate with Incident Commander by providing trusted expert advice to support the successful conclusion of a cyber incident
• Receive and analyze signals from numerous sources to determine possible causes of alerts
• Conduct, document and report postmortem lessons learned that contribute to the improvement of the team and the organization’s cyber program.
• Develop and communicate reports on Cyber Defense TTPs, guidance, and incident findings to various stakeholders.
• Advise and collect forensically sound artifacts for inspection to support cyber incidents
• Engage with both technical and non-technical stakeholders in a professional manner both internally and externally to the business on sensitive cyber security issues.
• Develop training and exercises to promote both team and organizational development to improve delivery during incidents, through the creation and conduction of tabletops and workshops.
• Work as part of a global team.
• Be the Incident Response SME.

Desired Qualifications And Traits

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in Cyber Security Operations type role
• 3+ years of experience specifically in Incident Response type roles that performed event investigations,
• Excellent communication skills, with experience delivering executive-level briefings and reports.
• Solid understanding of cybersecurity principles, including incident response, policy governance, and compliance requirements.
• Experience with security tools such as SIEMs, IDS/IPS, DLP, and vulnerability management platforms.
• Strong organizational, time-management, and leadership skills.

Preferred Skills And Certifications

• Certifications: CISSP, GCIH, GCFA, CySA+
• Experience working in large, global enterprises with complex technical infrastructures.
• Knowledge of audit frameworks and regulatory compliance requirements (e.g., SOX, GDPR, PCI DSS).
• Familiarity with cloud security architectures and tools (e.g., AWS, Azure, GCP).
• Exceptional ability to remain calm and focused during high-stress situations.
• Strong problem-solving and conflict management skills.
• A collaborative team player who thrives in a global, cross-functional environment.

This role is ideal for a seasoned cybersecurity professional with a passion for leading technical projects, fostering team alignment, and delivering results in a dynamic and complex enterprise environment.