CrawlJobs Logo

Cybersecurity Incident Response Team Lead

United States Of America, NEW YORK 150000.00 - 185000.00 USD / Year · Job Posted January 26, 2026
Apply Position
Job Link Share

Job Description

The Cybersecurity Incident Response Team Lead is a leadership role responsible for leading and enhancing the bank’s Security Operations strategy. The Cybersecurity Incident Response Lead will oversee the incident response and threat intelligence programs to safeguard critical assets and data. The ideal candidate will combine technical expertise, operational efficiency, and a strategic mindset to mitigate risks and ensure compliance with regulatory requirements. This role requires exceptional leadership, technical skills, and communication skills to drive cross-functional collaboration and instill a culture of security across the organization.

Job Responsibility

  • Develop and execute a comprehensive security operations strategy aligned with the bank's risk appetite and business objectives
  • Provide thought leadership on emerging cyber risks and recommend proactive measures to mitigate them
  • Serve as a trusted advisor to executive leadership, management committees, and the board on cyber risk issues
  • Define, maintain, and report operational metrics to evaluate Security Operations program performance, effectiveness, and adherence with organizational and regulatory requirements
  • Direct and manage Americas Cyber Security Incident Response Team (CSIRT) to ensure timely monitoring, detection, and response to threats
  • Lead the development and execution of the bank’s incident response plan and associated playbooks
  • Coordinate responses to security incidents, ensuring minimal impact and quick recovery
  • Establish and maintain a threat intelligence program to proactively identify and respond to emerging threats
  • Evaluate, implement, and optimize security processes and technologies to enhance detection and response capabilities
  • Collaborate with IT and engineering teams to integrate security into systems and processes
  • Stay updated on emerging technologies and recommend solutions to address evolving threats
  • Ensure adherence to cyber risk management regulations, including FFIEC and other applicable laws
  • Represent the bank during regulatory examinations, audits, and executive presentations on cyber risk topics
  • Maintain thorough documentation to demonstrate adherence to policies and standards
  • Build and mentor a high-performing security operations team
  • Provide training and development opportunities to ensure team members stay current in the field
  • Foster a culture of accountability, collaboration, and continuous improvement

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field
  • Minimum 10+ years of experience in information security or related field
  • Ability to analyze, prioritize, and manage security incidents effectively
  • Ability to align cyber risk initiatives with business objectives
  • Strong ensure thorough documentation and clear communications over security operations activities
  • Proven track record of building and leading high performing teams
  • Expertise in navigating banking regulations
  • Strong knowledge with information security technologies such as SIEM, SOAR, EDR, NDR, etc.
  • Strong knowledge with leading security investigations
  • Deep understanding of frameworks such as NIST Cybersecurity Framework
  • Proficiency in drafting and enforcing policies, procedures, and playbooks
  • English

Nice to have

  • Advanced degree (MBA, MS) is strongly preferred
  • Relevant industry certifications (CISSP, CISM, GIAC) are strongly preferred
  • At least 3 years of experience in a senior leadership role within the banking or financial services industry
  • Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Cybersecurity Incident Response Team Lead

8 matching positions

Senior Incident Handler - Security Incident Response Team

As an Expert Security Analyst – Incident Coordinator, you will take a leadership...
Location
Location
Netherlands , Veldhoven
Salary
Salary:
Not provided
asml.com Logo
ASML
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field
  • 7+ years experience in advanced cybersecurity roles
  • Experience working with stakeholders in a complex organization
  • Proven record of influencing upper management towards security best practices
  • Expertise in Security Monitoring, Log Analysis, and Threat Hunting
  • Deep knowledge of Endpoint, Network, OT, Information and Cloud Security
  • Certifications – CISSP, GCIH, GCFA, CISM preferred
Job Responsibility
Job Responsibility
  • Security Monitoring – monitor security alerts for malicious activity or anomalies, ensuring swift response
  • Incident Handling – Lead investigations into high-profile, complex, or advanced persistent threats (APTs)
  • Threat Hunting – Proactively search for hidden threats and improve detection capabilities
  • Incident Analysis – Correlate data across multiple sources to detect sophisticated attack patterns
  • Detection & Response Optimization – Develop advanced detection techniques and security automation strategies
  • Technology Leadership – Act as an SME for SecOps tools and threat domains
  • Mentorship & Training – Provide guidance and mentorship to analysts at all levels
  • Fulltime
Read More
Arrow Right

Incident Response Lead - Global Security

The Incident Response (IR) Lead is accountable for leading and maturing the orga...
Location
Location
Poland; Sweden; United Kingdom , Łódź; Stockholm; London
Salary
Salary:
Not provided
arrive.com Logo
Arrive
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions
  • Demonstrated experience leading and managing IR or SOC teams in complex environments
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs)
  • Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure
  • Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders
  • Experience developing and operationalizing playbooks, detection use cases, and response frameworks
  • Strong analytical and problem-solving capabilities, with attention to detail under pressure
  • Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities
  • Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement
  • Excellent written and verbal communication skills, including experience delivering executive briefings
Job Responsibility
Job Responsibility
  • Own and lead the Incident Response function, including strategy, governance, and operational execution
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making
  • Collaborate with internal teams and external partners to ensure seamless incident management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness
  • Fulltime
Read More
Arrow Right

Cybersecurity Team Lead

The Cybersecurity Team Lead provides technical leadership, strategic direction, ...
Location
Location
United States , Rockville
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's degree, One-and-one- half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
  • Minimum 10 years of experience in cybersecurity engineering or security operations
  • Minimum 5 years of experience leading/coordinating a team of people delivering enterprise security initiatives in complex IT environments with 3,000+ users
  • Minimum 5 years of experience with at least 3 enterprise security technologies (e.g., firewalls, SIEM, IDS/IPS, EDR, vulnerability management tools)
  • Minimum 3 years of experience working in regulated federal environments with document exposure to security frameworks such as NIST 800-53, RMF, FISMA, or FedRAMP
  • Must be a US Citizen who can obtain a Public Trust Security Clearance
Job Responsibility
Job Responsibility
  • Lead the design, implementation, and operation of enterprise cybersecurity technologies and solutions
  • Develop and maintain the organization’s cybersecurity roadmap aligned with evolving threats, mission needs, and regulatory requirements
  • Oversee security operations, including monitoring, alerting, incident response, escalation, and post-incident root cause analysis
  • Manage and optimize security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR), SIEM, SOAR, vulnerability scanning tools, and network access control solutions
  • Ensure effective security monitoring across networks, servers, cloud environments, endpoints, and applications
  • Lead vulnerability management activities, including scanning, risk prioritization, remediation coordination, and reporting
  • Conduct and support risk assessments, threat modeling, and security architecture reviews for new and existing systems
  • Collaborate with infrastructure, network, hosting, and cloud teams to ensure secure system design and secure-by-default configurations
  • Support system authorization processes, including development and maintenance of security documentation such as system security plans (SSPs), POA&Ms, and related artifacts
  • Ensure compliance with applicable federal security frameworks, policies, and standards (e.g., FISMA, NIST, agency security requirements)
  • Fulltime
Read More
Arrow Right

Cybersecurity Incident Response Coordinator

The Microsoft Incident Response Team - Detection and Response Team (DART) are se...
Location
Location
United States , Multiple Locations
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR equivalent experience.
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Microsoft Cloud Background Check
  • Flexibility to work shifts, including assignments during non-standard business hours that may include evening, nighttime, weekends, and/or holidays.
  • 2+ years of hands-on experience with Active Directory, Entra ID, or other enterprise identity platforms and/OR 2+ years threat hunting, windows forensics OR 2+ years pentesting experience
  • 1+ years ability to script or automate tasks using PowerShell or similar tools or 1+ years KQL experience
  • Experience in high pressure reactive incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.
  • Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft.
Job Responsibility
Job Responsibility
  • Scope customer engagements as part of pre-engagement activities, including assessing client needs, defining desired outcomes, and estimating resources and timelines to ensure a successful delivery.
  • Oversee escalation pathways ensuring timely responses, directing issues to the appropriate delivery teams, monitoring progress to resolution, and raising matters to leadership, when necessary, especially in cases of urgent and sensitive nature.
  • Collaborate closely with delivery teams to manage and resolve customer escalations promptly and effectively, ensuring customer satisfaction and maintaining delivery timelines.
  • Oversee staffing and capacity planning for engagements and special event support, ensuring the appropriate allocation of resources to meet demand and client needs effectively.
  • Fulfill on-call duties on a scheduled rotation, inclusive of weekends and holidays.
  • Manage and document the implementation of incident management frameworks and procedures.
  • Collaborate with internal teams, including Legal, Security Research, Product Groups, and others, to address and resolve emerging issues.
  • Ensure operational processes maintain alignment with business objectives.
  • Track the status of operational activities, ensuring schedules and priorities are met.
  • Manage daily and weekly communication and status reporting proactively.
  • Fulltime
Read More
Arrow Right

Cyber Security Incident Response Lead

The Microsoft Detection and Response Team (DART) are seeking a skilled and exper...
Location
Location
United Kingdom , Multiple Locations
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Computer Science, Computer Security, or related field
  • Master's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • Bachelor's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • equivalent experience
  • Experience in high pressure incident response environments
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
Job Responsibility
Job Responsibility
  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats
  • Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
  • Fulltime
Read More
Arrow Right

Cybersecurity Engineer / Team Lead

The Senior Cybersecurity Engineer / Team Lead provides technical leadership and ...
Location
Location
United States , Arlington
Salary
Salary:
103275.00 - 239062.00 USD / Year
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Masters Degree, One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
  • Minimum 10 years' experience performing the cybersecurity and team lead tasks/responsibilities listed above
  • Ability to obtain and maintain a public trust clearance
Job Responsibility
Job Responsibility
  • Lead full lifecycle NIST RMF activities, including categorization, control implementation, security assessment, POA&M management, and ATO sustainment
  • Ensure compliance with federal security standards such as FISMA, HIPAA, and agency-specific security policies
  • Coordinate with assessment and authorization stakeholders to maintain documentation, respond to findings, and support audits and system reviews
  • Oversee enterprise vulnerability scanning operations using tools such as Nessus and agency-approved scanners
  • Review scan results, validate findings, determine criticality, and coordinate remediation with system owners and operations teams
  • Develop and maintain processes for continuous monitoring, risk scoring, and reporting to leadership
  • Integrate threat intelligence platforms to identify emerging risks and drive proactive mitigation strategies
  • Support security audits, penetration tests, and secure configuration enforcement
  • Lead coordination with internal security teams, IT operations, legal/compliance, and government stakeholders to ensure proper handling, documentation, and reporting
  • Use enterprise security tools (e.g., SIEM platforms, endpoint protection, IDS/IPS) to monitor events and support investigations
What we offer
What we offer
  • medical insurance
  • dental insurance
  • vision insurance
  • flexible spending or health savings account
  • life and AD&D insurance
  • short and long term disability coverage
  • paid time off
  • employee assistance
  • participation in a 401k program with company match
  • additional voluntary or legally-required benefits
  • Fulltime
Read More
Arrow Right

Director, Security Operations and Incident Response

At Comcast, we are committed to providing secure and reliable services for our c...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
comcastcorporation.com Logo
Comcast
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant cybersecurity experience, including leadership experience in cybersecurity operations, security incident response, threat hunting, threat detection, or enterprise SOC functions in a large, complex environment with at least 5 years of experience managing leaders of people
  • Demonstrated experience managing high-severity cybersecurity incidents, including executive communications, cross functional coordination, containment strategy, remediation oversight, and post-incident improvement
  • This role supports a 24x7 cybersecurity operation and requires availability outside of standard business hours, including nights, weekends, and holidays, during critical incidents and high-severity security events
  • Strong leadership experience building, managing, and scaling technical security teams, including managers, incident responders, SOC analysts, threat hunters, detection engineers, and specialized security professionals
  • Deep technical understanding of modern security operations, including SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud security, identity security, network security, automation, and detection engineering
  • Experience partnering with engineering teams to build, improve, and operationalize security tools, data platforms, dashboards, automations, telemetry pipelines, and analyst workflows
  • Proven ability to make high-impact decisions under pressure and lead teams through ambiguous, fast-moving security events
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, metrics, and continuous improvement programs
  • Strong understanding of adversary tradecraft, threat hunting methodologies, detection lifecycle management, and frameworks such as MITRE ATT&CK
  • Strong executive communication skills, including the ability to brief senior leaders on risk, impact, operational status, capacity gaps, and recommended actions
Job Responsibility
Job Responsibility
  • Lead and scale Comcast’s SOC, Security Incident Response Team, threat hunting, and threat detection functions, ensuring the organization is trained, equipped, and structured to respond effectively to routine security events and major incidents
  • Build the operating model, staffing approach, escalation paths, runbooks, and surge capacity required to manage multiple concurrent major incidents
  • Serve as a senior incident commander for high-severity cybersecurity events, coordinating response across technical teams, business stakeholders, legal, privacy, communications, and executive leadership
  • Lead Comcast’s threat hunting function to proactively identify adversary behavior, emerging attack patterns, control gaps, and high-risk activity before it becomes a major incident. Including leading Purple Team activities
  • Own and mature the enterprise threat detection strategy, including detection coverage, alert fidelity, tuning, detection lifecycle management, and alignment to threat intelligence, adversary tradecraft, and business risk
  • Partner with security engineering, data engineering, platform engineering, and product teams to design and improve the tools, pipelines, dashboards, automations, and case management workflows used by cyber operations teams
  • Drive continuous improvement across SIEM use cases, endpoint detections, cloud detections, identity detections, network telemetry, enrichment pipelines, automation, and analyst workflows
  • Ensure lessons learned from incidents and hunts directly inform new detections, improved runbooks, stronger controls, and better response procedures
  • Develop and continuously improve incident response strategy, severity models, communications protocols, after-action reviews, and remediation tracking
  • Establish executive reporting on incident trends, SOC performance, detection quality, threat hunting outcomes, operational capacity, readiness gaps, and enterprise risk
What we offer
What we offer
  • Medical, prescription, vision, and dental insurance for eligible employees
  • 401(k) savings plan with dollar-for-dollar matching up to the first 6% of your pay
  • Paid time off including eight observed company holidays and flex time
  • Exclusive perks + discounts, including tuition assistance, commuter benefits and more
  • Fulltime
Read More
Arrow Right

Cyber Incident Response Commander

The Cyber Incident Response Commander plays a critical leadership role in managi...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree (or equivalent) in Cybersecurity, Computer Science, or related STEM field
  • Minimum 5 years of experience in cybersecurity roles such as CERT / CSIRT, SOC / SecOps, GRC (Governance, Risk & Compliance)
  • Required Certifications (or equivalent experience): GCFA, CIH, CISSP, CEH, ECSA, ITIL Foundation
  • Strong knowledge of incident response methodologies (e.g., NIST, ISO 27035, SANS)
  • Experience with SOC operations and forensic investigations
  • Good understanding of security tools, detection, and response techniques
  • Ability to communicate complex cybersecurity topics to senior leadership and executives
  • Professional proficiency in English (written and spoken)
Job Responsibility
Job Responsibility
  • Maintain and continuously improve the Incident Response Plan (IRP) and its appendices
  • Ensure alignment between the IRP and other relevant security policies and frameworks
  • Develop and refine incident response playbooks to ensure clarity of roles and operational efficiency
  • Collaborate with Legal and Communications teams to strengthen response processes
  • Tailor IRPs to specific scopes (e.g., regions, subsidiaries, maritime operations)
  • Capture lessons learned from incidents and provide actionable improvement recommendations
  • Identify links and patterns between incidents to improve detection and response strategies
  • Support internal and external audits by providing required documentation and evidence
  • Act as Incident Commander during security incidents, coordinating cross-functional teams
  • Assess incident severity and determine appropriate escalation levels
What we offer
What we offer
  • Strong base salary
  • Annual performance bonus
  • Fully covered benefits package including life insurance, long-term disability, health, dental, and vision coverage, plus a health spending account
  • Sopra Steria covers 100% of premiums
  • Generous paid time off including sick leave, personal days, and 3 weeks of vacation
  • Monthly transportation allowance
  • Excellent learning, development, and career advancement opportunities
  • Hybrid work environment
  • All necessary equipment provided
  • Fulltime
Read More
Arrow Right