
Cyber Security Architect/Engineer IV

GDH
Full-time · Remote · United States
Posted: 2026-05-11 · Until: 2026-07-10
Job Description
Role Summary

The Incident Response Lead is a senior cybersecurity professional responsible for overseeing and executing the full incident response lifecycle within a hybrid cloud and on-premises environment. This role functions as the technical authority during active cybersecurity incidents, providing leadership, coordination, and investigation expertise to rapidly contain and remediate threats. The position requires a strategic thinker with extensive experience in incident response, digital forensics, and cybersecurity operations, with an emphasis on cloud infrastructure and operational maturity.

Responsibilities

- Lead and coordinate all phases of the incident response process, including detection, analysis, containment, eradication, recovery, and post-incident review.
- Serve as the primary investigator for high-severity cybersecurity incidents, managing scope, timelines, and documentation.
- Maintain situational awareness and provide timely updates to SOC leadership, cybersecurity engineering teams, and external stakeholders.
- Collaborate with cloud, network, identity, and system administration teams during active response efforts to ensure swift containment.
- Act as escalation decision authority for containment measures and service disruptions, balancing operational impact.
- Lead digital forensics and incident response investigations across host, network, and cloud environments, guiding analysts in the use of EDR, SIEM, and NDR tools.
- Validate Indicators of Compromise (IOCs), Indicators of Attack (IOAs), malware, and lateral movement techniques, ensuring evidence integrity for audit and legal purposes.
- Develop, update, and refine incident response playbooks, runbooks, and operational workflows to improve SOC effectiveness.
- Lead readiness activities such as tabletop exercises, purple team drills, and threat hunting initiatives to enhance team preparedness.
- Partner with multi-disciplinary teams and external agencies, including legal, public affairs, and third-party responders, during incidents.

Qualifications

- 10-12 years of direct cybersecurity experience within a Security Operations Center (SOC), including a minimum of 6 years in incident response or digital forensics and incident response (DFIR).
- Proven ability to lead high-impact incidents involving cloud infrastructure, particularly AWS.
- Expertise in digital forensics methodologies covering host, network, and cloud environments.
- Strong analytical skills in log analysis, SIEM tools (e.g., Splunk), EDR (e.g., Trellix), and network analysis techniques.
- Deep understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST SP 800-61, and the cyber kill chain.
- Excellent communication skills with the ability to brief executive leadership and coordinate cross-functionally during crises.
- This position requires eligibility for a U.S. Government security clearance. Under federal law, eligibility for a security clearance generally requires U.S. citizenship (ability to obtain a Public Trust 6C clearance).
- Relevant cybersecurity certifications such as GCIA, GCFA, GCFE, GNFA, GCIH, or GDAT are highly desirable.
- Experience mentoring incident responders and maturing SOC/IR capabilities.
- Strong problem-solving skills and the ability to work effectively under pressure.

Publishing Pay Range: $78.00 - $83.00 hourly

This is an on-site position requiring employee presence at the office.