Cyber Security Incident Response Manager

SAKS CLOUD SERVICES LLC, New York, NY
$119,000 - $155,000

About The Position

The Cybersecurity Manager role at Saks is a leadership position within the Cyber Security Operations Center (CSOC), focusing on monitoring, analyzing, and responding to security threats and incidents. The manager will oversee a team of security analysts, manage relationships with Managed Detection and Response (MDR) partners, and ensure compliance with security objectives and service level agreements. This role requires a strong background in Security Information and Event Management (SIEM), particularly with Sumo Logic, and involves incident investigation, threat intelligence analysis, and mentoring team members.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or related field; advanced degree preferred.
  • Minimum of 5-8 years of experience in a SOC or CSOC role with a focus on SIEM, incident response, SOAR, and threat intelligence.
  • Professional certifications such as CISSP, CISM, GIAC (GCIH, GCIA, GCFA), CEH, or similar.
  • Experience with cloud security platforms and technologies (AWS and Azure).
  • Familiarity with scripting and programming languages (e.g., Python, PowerShell).
  • Knowledge of cloud IdP solutions (e.g., SailPoint, Okta, Azure, etc.).
  • Experience with large-scale and complex incidents including APT, DDoS, ransomware, web/mobile compromise, account compromise, data disclosures, etc.
  • Experience in network intrusion detection, including experience using common network monitoring tools such as IDS, IPS, SIEM, and syslog.
  • Understanding of common network vulnerabilities and penetration testing tools including Metasploit, Qualys, Nessus, and Nmap.
  • Knowledge of log analysis: correlating events and identifying indicators of threat activity via SIEM tools such as Sumo Logic.
  • Knowledge of EDR tools and triage investigation (CrowdStrike).
  • Knowledge of Email Security, Phishing/Malware Email Analysis, Data Loss Prevention.
  • Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and root causes.
  • A broad and deep understanding of cyber-security threats, vulnerabilities, controls, and remediation strategies in global enterprise environments.
  • Knowledge of technologies, systems, and networks as well as typical gaps that could impact the ability of an organization to effectively detect and respond to cyber attacks.
  • Demonstrated knowledge of common adversary tactics, techniques, and procedures.
  • Strong foundational knowledge in information technology, including hardware, networking, architecture, protocols, file systems, and operating systems.
  • The use of host and network forensic methods and tools.
  • The application of threat intelligence in incident response and forensic investigations.
  • Malware analysis and comprehension of attack methodologies.
  • Navigating and querying enterprise logging solutions to extract and manipulate data.
  • Analyzing network, host, and user activity data to detect irregularities.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong written and verbal communication skills.
  • Ability to work in a fast-paced, high-pressure environment and manage multiple priorities effectively.

Nice To Haves

  • Experience with additional security tools and technologies.
  • Knowledge of regulatory compliance frameworks (e.g., GDPR, PCI-DSS).
  • Experience in a retail or e-commerce environment.

Responsibilities

  • Lead and mentor a team of security analysts, providing guidance and support.
  • Define and implement processes for collaboration between in-house CSOC teams and MDR.
  • Prepare and present regular reports on security incidents, trends, and performance metrics.
  • Provide recommendations for improvements based on analysis of security incidents and trends.
  • Lead training sessions and workshops to enhance the skill set of the team.
  • Act as a subject matter expert (SME) on security incidents and SIEM best practices.
  • Oversee and manage relationships with Managed Detection and Response Providers (MDRs).
  • Monitor MDR activities to ensure compliance with Service Level Agreements (SLAs) and contractual obligations.
  • Evaluate reports, alerts, and threat intelligence provided by MDRs for accuracy and relevance.
  • Serve as the primary point of contact for MDRs, ensuring clear communication of organizational priorities and requirements.
  • Regularly review MDR performance metrics and conduct quarterly business reviews (QBRs).
  • Lead the investigation of complex security incidents, including data breaches, malware infections, and unauthorized access.
  • Perform detailed forensic analysis of compromised systems and networks.
  • Coordinate incident response efforts with cross-functional teams to contain and mitigate threats.
  • Document and report on security incidents, findings, and recommendations.
  • Gather, analyze, and disseminate threat intelligence from multiple sources.
  • Utilize threat intelligence to identify and prioritize potential threats to the organization.
  • Conduct threat hunting activities to proactively identify security risks and vulnerabilities.

Benefits

  • Medical, vision, and dental insurance coverage.
  • Employee discount program.
  • Convenient and collaborative modern offices in Lower Manhattan with onsite perks.