Cyber Security Incident Response & Threat Intelligence Manager

We are seeking a highly skilled and strategic Cyber Security Incident Response & Threat Intelligence Manager to lead our security operations function. This role combines proactive threat intelligence with advanced incident response leadership, requiring a candidate who can anticipate emerging threats, drive strategic defenses, and lead teams through high-stakes cyber incidents.

The ideal candidate will oversee security monitoring and response capabilities, guide a team of analysts and responders, and partner cross-functionally to strengthen the organization’s security posture.

Key Responsibilities

Incident Response Leadership

• Lead and manage end-to-end response efforts during active cyber incidents, including detection, containment, eradication, and recovery
• Serve as incident commander for high-severity events, ensuring timely decision-making and stakeholder communication
• Oversee deep-dive forensic investigations to determine root cause, scope, and business impact
• Coordinate cross-functional response efforts with IT, Legal, Compliance, and business stakeholders
• Establish, maintain, and continuously improve incident response playbooks, processes, and escalation protocols
• Present post-incident findings, lessons learned, and risk mitigation plans to senior leadership

Threat Intelligence Strategy & Oversight

• Lead the development and execution of the organization’s threat intelligence strategy
• Oversee research and tracking of global threat actors, campaigns, and emerging attack techniques
• Ensure analysis of adversary tactics, techniques, and procedures (TTPs) aligned to frameworks such as MITRE ATT&CK
• Translate threat intelligence into actionable detection use cases, defensive strategies, and business risk insights
• Drive integration of threat intelligence into security tooling, detection engineering, and response playbooks
• Deliver executive-level briefings and intelligence reports tailored to diverse audiences

Detection Engineering & Proactive Defense

• Provide leadership oversight for proactive monitoring across endpoints, networks, and cloud environments
• Guide the development of detection logic, correlation rules, and alerting strategies
• Direct threat hunting initiatives to identify advanced and persistent threats
• Ensure continuous tuning and optimization of security controls to improve detection fidelity and reduce false positives
• Partner with engineering and architecture teams to enhance security visibility and coverage

People Leadership & Program Management

• Lead, mentor, and develop a team of incident responders, threat intelligence analysts, and SOC personnel
• Establish performance expectations, career development plans, and ongoing coaching for team members
• Drive operational excellence within the SOC and incident response functions
• Manage vendor relationships and external partners (e.g., MSSPs, threat intelligence providers)
• Develop metrics and KPIs to measure program effectiveness and maturity
• Support budget planning and resource allocation for security operations

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
• 12+ years of experience in incident response, threat intelligence, or security operations, with leadership experience preferred
• Proven experience leading incident response efforts and managing high-impact security events
• Strong understanding of attacker methodologies, malware analysis, and intrusion techniques
• Experience mapping adversary behaviors to MITRE ATT&CK or similar frameworks
• Demonstrated ability to communicate complex security concepts to both technical and executive audiences

Technical Expertise

• Hands-on experience with Endpoint Detection & Response (EDR) tools such as:
  • CrowdStrike Falcon
  • SentinelOne
  • Microsoft Defender for Endpoint
• Experience with NDR/XDR platforms, including:
  • ExtraHop
  • Cisco XDR
• Deep familiarity with SIEM platforms, log analysis, and security monitoring tools
• Strong knowledge of networking protocols, operating systems, and cloud security concepts
• Experience driving detection engineering and threat hunting programs

Operational Expectations

• Lead on-call rotation strategy and provide escalation support for critical incidents
• Ensure rapid and effective response to high-severity threats and vulnerabilities
• Maintain strong situational awareness of the evolving threat landscape
• Collaborate with internal leadership and external stakeholders during security events
• Foster a culture of continuous improvement and operational resilience

Preferred Qualifications

• Relevant certifications (e.g., CISSP, GCIA, GCIH, GCFA, or equivalent)
• Experience with scripting or automation (Python, PowerShell)
• Background in threat hunting, malware analysis, or digital forensics
• Experience building or scaling security operations or incident response programs