Key Highlights
Lead the Enterprise Incident Response Program, overseeing the full lifecycle of cyber incident response, and developing incident response playbooks. Partner with security engineering and operations teams to enhance detection capabilities. Lead the strategic transition from the current MSSP to a new security services partner.
Job Description
Manager, Cyber Incident Response
Location: 100% Remote (U.S. - Limited States)
Eligible States: Arizona, Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Ohio, Pennsylvania
Citizenship Requirement: U.S. Citizen required due to federal regulatory requirements and extended background screening.
Our client is a large enterprise company with more than 12,000 employees operating across multiple regions in the US. As the organization continues to mature its security operations program, they are making strategic investments in incident response leadership, detection engineering, and vendor strategy.
The Role
We are seeking a Manager of Cyber Incident Response to lead and evolve the organization's enterprise incident response program. This leader will take ownership of incident detection, response strategy, and operational readiness across a large-scale enterprise environment.
A major priority for this role will be leading the evaluation and transition to a new Managed Security Service Provider (MSSP) over the next ~12 months. The right leader will bring hands-on incident response experience and the ability to work closely with security engineers and external partners to ensure the organization maintains strong detection and response capabilities during and after this transition.
This role requires someone who has lived in the trenches of security operations and understands what it takes to detect, investigate, and respond to real-world incidents. While this role will initially operate as an individual leadership position, the expectation is that over time this leader may build and develop a small internal team that works alongside the MSSP to further mature the organization's response capabilities.
The ideal candidate is a hands-on, capable leader who can step in during major incidents, guide investigations, challenge vendors when necessary, and drive improvements across detection, response, and operational processes.
What You'll Do
- Lead the Enterprise Incident Response Program
- Oversee the full lifecycle of cyber incident response including preparation, detection, analysis, containment, eradication, recovery, and post-incident reviews.
- Lead the response to high severity security incidents across enterprise infrastructure, cloud environments, identity platforms, and endpoint ecosystems.
- Develop and continuously refine incident response playbooks, escalation frameworks, and operational runbooks.
- Serve as a key escalation point during major security events and provide clear communication to leadership and technical teams.
- Strengthen Detection and Analysis Capabilities
- Partner with security engineering and operations teams to enhance detection capabilities across SIEM, endpoint detection, identity monitoring, and cloud telemetry.
- Drive improvements in detection engineering, alert quality, and investigative workflows.
- Ensure incident analysis processes are mature, repeatable, and aligned with industry frameworks such as MITRE ATT&CK and NIST.
- Lead MSSP Evaluation and Transition
- Lead the strategic transition from the current MSSP to a new security services partner.
- Participate in vendor evaluation, due diligence, and selection of a new MSSP partner.
- Define operational expectations, service level objectives, and collaboration models with the selected provider.
- Ensure a smooth transition of monitoring, response workflows, and knowledge transfer without disrupting enterprise security operations.
- Provide governance and accountability for the MSSP relationship, ensuring the provider delivers meaningful security outcomes.
- Build and Mature Security Operations
- Help define the long-term strategy for how incident response responsibilities are shared between internal teams and external partners.
- Work closely with security engineering, infrastructure, legal, compliance, and risk teams during security investigations.
- Provide executive-level summaries of incidents, trends, and program improvements.
- Support regulatory and compliance requirements related to incident response and reporting.
Required Experience
- 10+ years of experience in cybersecurity with strong experience in Incident Response, Security Operations (SOC), Digital Forensics, or Threat Detection
- 5+ years operating in leadership or senior technical roles within incident response or security operations environments.
- Hands-on experience investigating enterprise scale incidents and managing complex security events.
- Strong background in incident detection and analysis, including SIEM tooling and investigative workflows.
- Demonstrated experience working directly with Managed Security Service Providers (MSSPs).
- Experience participating in or leading MSSP evaluation, selection, or transition initiatives.
- Prior experience working as or alongside SOC analysts or incident responders earlier in your career.
- Experience operating in enterprise environments with strong regulatory or compliance requirements.
Technical Expertise
- Strong familiarity with security monitoring and detection platforms such as: SIEM platforms, EDR/XDR tooling, Threat intelligence platforms, Security automation and response tools
- Understanding of incident response frameworks such as: NIST, MITRE ATT&CK, Enterprise response playbooks
We are looking for a leader who:
- Has strong communication and interpersonal skills
- Has a reputation for long tenure and building trust within organizations
- Is comfortable challenging vendors and ensuring accountability from external partners
- Can balance strategic program leadership with hands-on technical credibility
- Has previously worked closely with security engineers and operational teams
Why This Role is Unique
- This role offers a rare opportunity to shape the future of incident response for a large enterprise during a critical period of transformation.
- The right leader will influence:
- Enterprise incident response strategy
- Detection engineering maturity
- Vendor and MSSP strategy
- The long-term evolution of internal security operations