Manager, Cybersecurity Incident and Breach Response

Employment Type

$116400 - $151300

Job Description:

In this capacity, the Manager, Cybersecurity Incident and Breach Response will:

* Liaise with the Security Operations and Engineering team to ensure continuous 24x7x365 monitoring, response to security events, investigation of correlated security event feeds, and appropriate triage and escalation when a security incident or data breach is identified;

* Mature and manage domain and email-based threat intelligence and threat analytic functions in order to provide related threat intelligence information for effective security operations and security incident response, focusing on events that are likely to lead to a compromise;

* Oversee the Incident Response (IR) program, including documentation, awareness, exercises, and response through all phases of an incident to include post-incident documentation and coordination;

* Support the operational IR or data breach response coordination in the event of an actual incident; and

* Act as liaison and point of entry to Information Technology (IT) when coordinating either security IR or operational disruption IR activities.

In addition, the Manager, Cybersecurity Incident and Breach Response will be expected to have experience with the following areas of responsibility:

* Experience managing security operations for IT infrastructure (vulnerability management program, advanced incident response, cyber forensic investigation, endpoint security, EDR tooling, and exercise development / execution);

* Significant expertise in Cyber Security Incident Response and experience in one or more areas of Cyber Security: Intrusion Detection and Mitigation, Network Defense, Network Traffic Analysis or Operating System Security, Forensics, Incident Response, Cyber Threat Hunting, or Malware Analysis and Reverse Engineering;

* Knowledge of the general stages of an attack, including footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks;

* Familiarity with various malware categories, their characteristics, and network-based indicators of compromise;

* Familiarity with network vulnerabilities and exploit methods such as DDoS, XSS attacks, and SQL injection, and the ability to recognize attacks in progress;

* Enterprise-level experience performing incident triage, analysis, response, and remediation for computer network intrusions, web application and server attacks, insider threats, and malware infections;

* Ability to evaluate available information, identify information gaps, and reconstruct the incident timeline of event activity;

* Experience working in a federated functional organization and influencing leadership and employees not in your direct management chain/scope of control;

* Demonstrated ability to team across organizational boundaries and geographical locations to collaborate with and influence others; and

* Excellent communication, human relations, organizational, and analytical skills, as well as proven information security leadership experience in a medium-to-large organization.

Job Requirements:
* Thorough understanding of the latest security principles, techniques, and protocols;

* Experience maintaining metrics and SLAs;

* Detailed technical knowledge of network, database, and/or operating system security;

* Knowledge of NIST 800-62 and other industry regulatory standards as they pertain to reporting incidents;

* Hands-on experience with security systems, including vulnerability management, identity and access management, security risk assessments, application testing, etc.;

* Experience with network security, networking technologies, and network monitoring tools;

* Working knowledge of IT processes (e.g., ITIL), including incident, problem, defect, change, and release management; and

* Experience with secure architecture principles, secure SDLC, security system integration and configuration, and troubleshooting.
* Minimum of 12 years of experience with cybersecurity or information technology (preferred);

* At least 10 years' experience in an Incident Response capacity (SOC/NOC/watch floor, incident response, threat hunting team, forensic team, etc.) (preferred);

* At least 7 years in a legal or professional services environment (preferred); and

* BS degree in Computer Science or related field (required).