Staffing Science

Manager of Cyber Incident Response

Remote

Nevada, United States

Senior

Full Time

11-03-2026

Skills

Communication, Leadership, Incident Response, Forensics, Monitoring, Organization

Job Specifications

Manager, Cyber Incident Response

Location: 100% Remote (U.S. – Limited States)

Eligible States: Arizona, Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Ohio, Pennsylvania

Citizenship Requirement: U.S. Citizen required due to federal regulatory requirements and extended background screening.

Our client is a large enterprise company with more than 12,000 employees operating across multiple regions in the US. As the organization continues to mature its security operations program, they are making strategic investments in incident response leadership, detection engineering, and vendor strategy.

The Role

We are seeking a Manager of Cyber Incident Response to lead and evolve the organization's enterprise incident response program. This leader will take ownership of incident detection, response strategy, and operational readiness across a large-scale enterprise environment.

A major priority for this role will be leading the evaluation and transition to a new Managed Security Service Provider (MSSP) over the next ~12 months. The right leader will bring hands-on incident response experience and the ability to work closely with security engineers and external partners to ensure the organization maintains strong detection and response capabilities during and after this transition.

This role requires someone who has lived in the trenches of security operations and understands what it takes to detect, investigate, and respond to real-world incidents. While this role will initially operate as an individual leadership position, the expectation is that over time this leader may build and develop a small internal team that works alongside the MSSP to further mature the organization’s response capabilities.

The ideal candidate is a hands-on capable leader who can step in during major incidents, guide investigations, challenge vendors when necessary, and drive improvements across detection, response, and operational processes.

What You'll Do

Lead the Enterprise Incident Response Program

Oversee the full lifecycle of cyber incident response including preparation, detection, analysis, containment, eradication, recovery, and post-incident reviews.
Lead the response to high-severity security incidents across enterprise infrastructure, cloud environments, identity platforms, and endpoint ecosystems.
Develop and continuously refine incident response playbooks, escalation frameworks, and operational runbooks.
Serve as a key escalation point during major security events and provide clear communication to leadership and technical teams.

Strengthen Detection and Analysis Capabilities

Partner with security engineering and operations teams to enhance detection capabilities across SIEM, endpoint detection, identity monitoring, and cloud telemetry.
Drive improvements in detection engineering, alert quality, and investigative workflows.
Ensure incident analysis processes are mature, repeatable, and aligned with industry frameworks such as MITRE ATT&CK and NIST.

Lead MSSP Evaluation and Transition

Lead the strategic transition from the current MSSP to a new security services partner.
Participate in vendor evaluation, due diligence, and selection of a new MSSP partner.
Define operational expectations, service level objectives, and collaboration models with the selected provider.
Ensure a smooth transition of monitoring, response workflows, and knowledge transfer without disrupting enterprise security operations.
Provide governance and accountability for the MSSP relationship, ensuring the provider delivers meaningful security outcomes.

Build and Mature Security Operations

Help define the long-term strategy for how incident response responsibilities are shared between internal teams and external partners.
Work closely with security engineering, infrastructure, legal, compliance, and risk teams during security investigations.
Provide executive-level summaries of incidents, trends, and program improvements.
Support regulatory and compliance requirements related to incident response and reporting.

Required Experience

10+ years of experience in cybersecurity with strong experience in: Incident Response, Security Operations (SOC), Digital Forensics, or Threat Detection.
5+ years operating in leadership or senior technical roles within incident response or security operations environments.
Hands-on experience investigating enterprise-scale incidents and managing complex security events.
Strong background in incident detection and analysis, including SIEM tooling and investigative workflows.
Demonstrated experience working directly with Managed Security Service Providers (MSSPs).
Experience participating in or leading MSSP evaluation, selection, or transition initiatives.
Prior experience working as or alongside SOC analysts or incident responders earlier in your career.
Experience operating in enterprise environments with strong regulatory or compliance requirements.

Technical Expertise

Strong familiarity with security

About the Company

Staffing Science is a boutique IT staffing firm that specializes in direct-hire opportunities. We have a team of passionate staffing experts, high-powered hiring tools, and a wide network of candidates and positions. When businesses need talent and job seekers are searching for the perfect opportunity, they leave the chemistry to us!