Incident Response Manager

Job Summary

Leading proactive threat hunting and managing critical incident response activities, the full-time Incident Response Manager will develop hypotheses based on MITRE ATT&CK, analyze logs and EDR data, and mentor staff to enhance security posture remotely.

Key responsibilities

• Develop and execute hypothesis-driven hunts using EDR, SIEM, and network traffic analysis to identify advanced threats
• Lead complex investigations and CSIRT activities, providing technical expertise during containment, eradication, and post-incident analysis
• Mentor junior analysts and define technical standards for hunting workflows while integrating threat intelligence into hunting scenarios

Required qualifications

• 5-8 years of experience in security operations, threat hunting, or incident response
• Proficiency in EDR tools (e.g., CrowdStrike, NeuVector) and SIEM platforms (e.g., XSIAM)
• Deep understanding of the MITRE ATT&CK Framework and cyber kill chain
• Strong query skills (SQL, KQL) and scripting ability (Python, PowerShell) for automation
• Knowledge of AWS, Azure, and/or GCP security logging and controls