Cyber Security Incident Response Team Manager

Capgroup, 5 months ago
San Antonio, TX, United States
Hybrid
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

We are seeking a highly technical and hands-on Incident Response Manager to lead our 24/7 global team of analysts responsible for monitoring, detecting, and responding to cybersecurity incidents. In this role, you will manage incident response activities, enforce playbooks and policies, and serve as a critical escalation point during high-severity events, ensuring rapid containment and resolution of security incidents.

Key Responsibilities

  • Lead and mentor a globally distributed team of security analysts and engineers responsible for detection, triage, containment, and investigation of security incidents.
  • Serve as incident commander and escalation point for high-severity incidents including ransomware, account compromise, phishing, and data leakage.
  • Architect and automate the integration of AI/ML-driven threat detection and behavioral analytics into incident response processes using SOAR platforms and custom scripting (Python, PowerShell, Bash, etc.).
  • Implement and enforce IR playbooks, policies, and best practices aligned with NIST guidance and the MITRE ATT&CK framework.
  • Coordinate cross-functional responses with IT, development, legal, privacy, and business continuity teams.
  • Analyze and prioritize complex incidents, ensuring adherence to SLAs and to regulatory and privacy requirements.
  • Continuously improve detection, response, and reporting processes through metrics, trends, KPIs, KRIs, and post-incident reviews.
  • Conduct tabletop exercises and oversee vulnerability and penetration testing assessments to identify process gaps.
  • Integrate emerging threat intelligence and advanced attacker TTPs into dynamic incident response strategies.

Required Qualifications

  • 7+ years of experience in cybersecurity, with significant hands-on work in Security Operations Centers (SOC) and Incident Response, including 3+ years in a leadership role.
  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field preferred.
  • Certifications such as GCIH, GCFA, GCFE, CISSP, OSCP, or equivalent.
  • Proven ability to lead distributed teams in high-pressure, high-stakes environments.
  • Hands-on coding experience in Python (preferred), PowerShell, Bash, or similar languages.
  • Expertise with traditional and next-generation SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, Exabeam, CrowdStrike Falcon).
  • Strong proficiency in SQL along with experience in modern data lake platforms (e.g., Snowflake, Databricks, Azure Data Lake).
  • Familiarity with forensic analysis, malware reverse engineering, threat hunting, cloud IR (AWS, Azure), and hybrid environments.
  • Exceptional organizational, communication, and decision-making skills, with an ability to maintain team morale and well-being.

Benefits & Perks

  • Base Salary: Southern California: $173,211-$277,138; San Antonio: $142,394-$227,830; New York: $183,613-$293,781.
  • Performance Bonus: Eligible for an individual annual performance bonus plus Capital’s annual profitability bonus.
  • Retirement Plan: Capital contributes 15% of your eligible earnings.
  • Learn more about our compensation and benefits details on our website. (Temporary positions in Canada and the United States are excluded from these plans.)

Required Skills

MITRE ATT&CK
SIEM Management
Incident Response
Team Leadership
Risk Analysis
Threat Detection
Forensic Analysis
Cross-functional Coordination
Bash Scripting
Dashboard and Reporting
NIST Framework
Cloud Incident Response (AWS, Azure)
Cybersecurity Operations
Python Programming
PowerShell Scripting