we are seeking an Incident Response Lead to own and mature the companys global cyber incident response capability. This role sits within the CISO Office and is accountable for response execution, post-incident learning, and executive-level coordination across our companys cloud, infrastructure, and platform environments.
The Incident Response Lead will act as the single accountable owner for high-severity security incidents, ensuring rapid containment, accurate impact assessment, regulatory-compliant communications, and continuous improvement of detection and response capabilities.
This role requires deep technical expertise, strong crisis leadership, and the ability to operate under pressure in highly regulated, high-availability environments.
Key Responsibilities
Incident Response Leadership
Lead and coordinate of security incidents across our companys cloud, infrastructure, and corporate environments.
Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts.
Support and maintain clear incident classification, escalation, and decision-making frameworks.
Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.
Detection, Triage, and Investigation
Oversee advanced incident triage and forensic investigations across:
Cloud platforms
Network and perimeter security
Identity and access systems
Supply chain and third-party risks
Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.
Ensure evidence handling meets legal, regulatory, and forensic standards.
Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).
Support audits, regulatory inquiries, and executive reporting related to security incidents.
Executive & Cross-Functional Coordination
Serve as the primary incident response interface to:
CISO and executive leadership
Legal, Privacy, Compliance, and Communications teams
Infrastructure, Network, IT, Platform, and Engineering leadership
Deliver clear, factual, and risk-based incident briefings to senior leadership.
Support customer and partner communications when security incidents impact trust or service availability.
Program Development & Continuous Improvement
Support our companys incident response program, including:
Playbooks and runbooks
Tabletop exercises and simulations
Red/blue/purple team coordination
Drive lessons-learned processes and ensure findings result in measurable control improvements.
Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).
The Incident Response Lead will act as the single accountable owner for high-severity security incidents, ensuring rapid containment, accurate impact assessment, regulatory-compliant communications, and continuous improvement of detection and response capabilities.
This role requires deep technical expertise, strong crisis leadership, and the ability to operate under pressure in highly regulated, high-availability environments.
Key Responsibilities
Incident Response Leadership
Lead and coordinate of security incidents across our companys cloud, infrastructure, and corporate environments.
Act as Incident Commander during major incidents, driving containment, eradication, and recovery efforts.
Support and maintain clear incident classification, escalation, and decision-making frameworks.
Ensure 24/7 readiness through on-call structures, runbooks, and playbooks.
Detection, Triage, and Investigation
Oversee advanced incident triage and forensic investigations across:
Cloud platforms
Network and perimeter security
Identity and access systems
Supply chain and third-party risks
Partner with SOC, Threat Intelligence, and Threat Hunting teams to improve detection fidelity and reduce MTTR.
Ensure evidence handling meets legal, regulatory, and forensic standards.
Lead regulatory-ready incident documentation, timelines, and root cause analysis (RCA).
Support audits, regulatory inquiries, and executive reporting related to security incidents.
Executive & Cross-Functional Coordination
Serve as the primary incident response interface to:
CISO and executive leadership
Legal, Privacy, Compliance, and Communications teams
Infrastructure, Network, IT, Platform, and Engineering leadership
Deliver clear, factual, and risk-based incident briefings to senior leadership.
Support customer and partner communications when security incidents impact trust or service availability.
Program Development & Continuous Improvement
Support our companys incident response program, including:
Playbooks and runbooks
Tabletop exercises and simulations
Red/blue/purple team coordination
Drive lessons-learned processes and ensure findings result in measurable control improvements.
Define and track incident response KPIs (MTTD, MTTR, containment effectiveness).
Requirements:
Experience
8+ years in cybersecurity, with significant hands-on incident response leadership experience.
Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments.
Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.).
Technical Expertise
Strong understanding of:
Cloud security architectures
Network security, IAM, endpoint security, and logging pipelines
Threat actor tactics, techniques, and procedures (MITRE ATT&CK)
Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.
Ability to validate technical findings independently and challenge assumptions.
Leadership & Communication
Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.
Clear, concise communicator capable of briefing executives and non-technical stakeholders.
Strong cross-functional leadership skills without relying on direct authority.
Experience
8+ years in cybersecurity, with significant hands-on incident response leadership experience.
Proven experience leading large-scale, high-impact security incidents in cloud or infrastructure-heavy environments.
Experience operating in regulated or compliance-driven environments (SOC, ISO, financial services, cloud providers, etc.).
Technical Expertise
Strong understanding of:
Cloud security architectures
Network security, IAM, endpoint security, and logging pipelines
Threat actor tactics, techniques, and procedures (MITRE ATT&CK)
Practical experience with SIEM, SOAR, EDR, NDR, and forensic tooling.
Ability to validate technical findings independently and challenge assumptions.
Leadership & Communication
Demonstrated ability to lead under pressure and make high-quality decisions with incomplete data.
Clear, concise communicator capable of briefing executives and non-technical stakeholders.
Strong cross-functional leadership skills without relying on direct authority.
This position is open to all candidates.
