Staffing Science

staffingscience.com

1 Job

8 Employees

About the Company


Staffing Science is a boutique IT staffing firm that specializes in direct-hire opportunities. We have a team of passionate staffing experts, high-powered hiring tools, and a wide network of candidates and positions. When businesses need talent and job seekers are searching for the perfect opportunity, they leave the chemistry to us!

Listed Jobs

Company Name
Staffing Science
Job Title
Manager of Cyber Incident Response
Job Description
**Job title:** Manager of Cyber Incident Response

**Role Summary:** Lead and evolve a large‑scale enterprise incident response program. Own the full incident lifecycle—from preparation to post‑mortem—while driving detection engineering, playbook development, and operational readiness. Manage the strategic transition to a new Managed Security Service Provider (MSSP), ensuring continuity of monitoring, response workflows, and knowledge transfer. Build an internal security operation capability to complement the external MSSP partnership.

**Expectations:**

- Deliver robust, repeatable incident response processes for high‑severity events across on‑prem, cloud, identity, and endpoint environments.
- Maintain clear, executive‑level communication during major incidents and post‑incident reviews.
- Own the MSSP evaluation, selection, and transition, defining service level expectations and governance.
- Mentor and potentially grow an internal incident response team, fostering skill development and cross‑functional collaboration.
- Align incident response practices with industry frameworks (MITRE ATT&CK, NIST SP 800‑61).

**Key Responsibilities:**

1. Oversee end‑to‑end incident response lifecycle (preparation, detection, analysis, containment, eradication, recovery, post‑incident).
2. Lead response to high‑severity incidents across enterprise infrastructure, cloud platforms, identity services, and endpoints.
3. Develop, refine, and maintain incident response playbooks, escalation matrices, and runbooks.
4. Serve as primary escalation point during major security events; provide timely updates to leadership and technical teams.
5. Partner with security engineering to enhance SIEM, endpoint detection, identity monitoring, and cloud telemetry.
6. Drive improvements in alert quality, detection engineering, and investigative workflows.
7. Execute MSSP evaluation, due diligence, and transition; define operational expectations, SLAs, and collaboration models.
8. Govern MSSP relationship, ensuring measurable security outcomes and compliance with regulatory mandates.
9. Define long‑term strategy for internal/external incident response responsibilities; collaborate with legal, compliance, and risk teams on investigations.
10. Provide executive summaries of incident trends, program improvements, and regulatory reporting.

**Required Skills:**

- 10+ years cybersecurity experience, including 5+ years in senior leadership or technical roles focused on incident response or SOC.
- Hands‑on experience investigating enterprise‑scale incidents and managing complex security events.
- Deep knowledge of incident detection and analysis: SIEM tooling, alert correlation, investigative workflows, threat intelligence.
- Proven experience working with Managed Security Service Providers (MSSPs), including evaluation, transition, and ongoing governance.
- Familiarity with enterprise security architectures, cloud (AWS, Azure, GCP), identity (SAML/OAuth), and endpoint protection.
- Strong communication and stakeholder management skills; able to challenge vendors and drive improvement.
- Understanding of regulatory and compliance requirements impacting incident response.

**Required Education & Certifications:**

- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Industry certifications: CISSP, CISM, GCFA, GCIH, GCIEM, or equivalent.

---
Nevada, United States
Remote
Senior
11-03-2026