Incident Response Lead

As an Incident Response (IR) Lead, you will be a hands-on incident responder actively investigating cases involving end points SaaS, public cloud, and hybrid environments. When not actively leading or participating in an incident, you will be threat hunting. Due to the nature of IR, we are looking for someone who is technically proficient and can effectively communicate with leadership, managers and individual contributors during an IR situation. In addition, you will be responsible for the strategic direction of the IR function, working closely with the Privacy and Legal teams.

Reporting into the Director of Security Engineering, the ideal candidate will be responsible for responding to security threats against our enterprise and production environments. This is a lead role, which is involved in all aspects of the incident response life cycle and the process of responding to a security incident. You will also help with detection engineering to improve logging coverage, security tools tuning, suggest ideas and contribute to the new signals development process and automation to detect and respond to threats automatically and at scale. 

What You’ll Do:

• Manage investigations including organizing unstructured work and engaging resources across the company.
• Manage urgency and visibility to ensure timely response by all involved parties.
• Conduct IR analysis, network log and network PCAP analysis, and other investigation related activities in support of IR.
• Respond to critical incidents, threats, vulnerabilities and bring these issues to resolution.
• Communicate/coordinate with internal and 3rd party teams during high severity incidents.
• Orchestrate & conduct table-top exercises.
• Develop incident playbooks and repeatable methods for managing and responding to malicious activities across networks, systems, and products.
• Design, document, and implement IR processes, procedures, guidelines, and solutions.
• Deliver technical and executive level reports and metrics on IR issues.
• Work together with the Cyber Defense and Cyber Detect teams.
• Forensically analyze end user systems and servers found to have possible indicators of compromise.
• Identify security incidents through threat hunting operations within a SIEM and other relevant tools.
• Perform basic programming and script development in support of/as needed for IR

What We’re Looking For:

• Ability to work in a dynamic, on call environment.
• 7+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability.
• 3+ years hands-on working in Cyber incident analysis and/or response in medium to large organizations with cloud and forensics components.
• Experience working with global IR operations using a follow the sun model.
• Strong analytical, documentation, and communication skills.
• In-depth experience with all facets of IR.
• Solid experience applying all facets of IR to Windows, Linus, macOS and public cloud environments.
• Demonstrated threat hunting experience with Python, SIEM, and EDR solutions.
• Ability to successfully facilitate collaboration across multiple functions, departments, and levels.
• Familiarity with SOAR (Security Orchestration, Automation and Response) software with an emphasis on building complex playbooks for automating routine incidents
• SaaS / FinTech / anti-fraud experience a plus
• Digital Forensics experience in public cloud (AWS, Azure, GCP) 
• Security certifications (e.g., CISSP, GCIH, GCFA, etc.)
• Advanced Python, Go, and/or Powershell