Lead the Cyber Incident Response Program
- Oversee the full incident response lifecycle: preparation, identification, containment, eradication, recovery, and post-incident lessons learned (per NIST SP 800-61 or similar frameworks).
- Manage day-to-day incident response operations, including triage, investigation coordination, forensic analysis, and executive-level reporting.
- Develop, maintain, and regularly test incident response playbooks, runbooks, and escalation procedures.
Enhance Detection Capabilities
- Drive continuous improvement of threat detection engineering, including tuning of SIEM rules, EDR/XDR configurations, threat intelligence integration, and behavioral analytics.
- Collaborate with SOC, threat hunting, and security engineering teams to reduce false positives, shorten mean time to detect (MTTD) and mean time to respond (MTTR), and implement proactive detection use cases.
- Lead initiatives to mature internal blue-team capabilities across endpoints, cloud, identity, network, and email environments.
Manage MSSP Services Transition
- Lead the end-to-end transition of MSSP services from the current provider to the new partner, including planning, knowledge transfer, contract/SLA alignment, and cutover execution.
- Conduct due diligence on the new MSSP, define transition success criteria, and mitigate risks during handover (e.g., service continuity, data migration, access controls).
- Establish governance for the new MSSP relationship, including performance monitoring, regular service reviews, incident handoff protocols, and continuous improvement feedback loops.
- Ensure the transition strengthens rather than disrupts detection and response effectiveness.
Team Leadership & Development
- Build, mentor, and lead a high-performing incident response team (internal analysts, responders, and cross-functional partners).
- Provide performance management, career development, and technical coaching to team members.
- Foster a culture of continuous learning, tabletop exercises, red/blue team simulations, and post-incident reviews.
Stakeholder Collaboration & Reporting
- Serve as the primary point of contact for major incidents, briefing executive leadership, legal, compliance, and external regulators as needed.
- Coordinate with IT, legal, risk, business units, and external partners (e.g., law enforcement, forensics firms) during incidents.
- Produce executive-level reports on incident trends, program maturity, detection improvements, and transition status.
Program Maturity & Compliance
- Align incident response practices with industry standards (NIST, ISO 27001, MITRE ATT&CK, etc.) and regulatory requirements.
- Drive metrics-driven improvements and maturity assessments for the IR program.
- Contribute to enterprise-wide security initiatives, including vulnerability management, threat intelligence, and security awareness.