CrawlJobs Logo

Global Detection and Response Lead

United States, San Francisco 347000.00 - 490000.00 USD / Year · Job Posted March 10, 2026
Apply Position
Job Link Share

Job Description

We are seeking a Global Detection and Response Lead to own and scale OpenAI’s cybersecurity detection and response operations. In this role, you will set the strategy and drive execution for security monitoring, incident response, recovery, and post-incident improvements across our global infrastructure. You will be a hands-on leader with deep technical credibility and strong operational instincts. You will build and mentor high-performing teams, partner closely with Infrastructure, Research, Product Security, Enterprise Security, IT, and Engineering, and ensure that detection and response capabilities are embedded by design into the systems that power OpenAI. This is a strategic and practical leadership role requiring deep technical credibility, operational rigor, and the ability to build high-performing teams in a fast-moving environment.

Job Responsibility

  • Oversee global detection and response operations, including continuous monitoring, triage, investigation, containment, and remediation of security events across a diverse set of networks and infrastructure
  • Lead, mentor, and directly manage several small teams of senior engineers across observability, detection and response, and threat intelligence
  • Hire and scale these functions deliberately and proportionately as OpenAI’s compute footprint and platform ambitions grow
  • Ensure world-class operational rigor and readiness through management of incident playbooks, on-call and escalation paths, tabletop exercises, and continuous improvement of response quality and speed
  • Improve detection quality and coverage by partnering with engineering teams to ensure critical telemetry is available, reliable, and actionable across cloud, corporate, and production environments
  • Deeply partner across all of OpenAI to evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale
  • Build a world-class security program capable of withstanding tier-1 adversaries by maximally embracing our own models to solve frontier security problems

Requirements

  • 10+ years in cybersecurity with deep expertise in detection engineering, incident response, and security operations
  • Active U.S. Government security clearance (Top Secret) or willingness and eligibility to obtain one
  • Mission-oriented, have unimpeachable integrity, and are passionate and motivated to detect and respond to adversaries in a highly complex, fast-paced environment
  • Deep experience building and leading detection and response, instrumentation/observability, and threat intelligence teams across a global footprint, including airgapped and sovereign environments
  • Stellar leadership skills, and a demonstrated history of driving durable, and continuous improvements to programs, processes, and people
  • Exceptional written and verbal communication skills, can remain calm under pressure, and can effectively run command of security incidents involving numerous stakeholders across a diverse gamut of teams, expertise, and seniority
  • Deep expertise in modern observability stacks (e.g., SIEM, data lakes, EDR, cloud telemetry, logging) and detection primitives
  • Understand modern adversary tradecraft (TTPs) and have demonstrated experience and expertise translating it into practical detection strategies and response actions

What we offer

  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Relocation support for eligible employees
  • Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided
  • Offers Equity
  • Performance-related bonus(es) for eligible employees

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Global Detection and Response Lead

8 matching positions

Incident Response Lead - Global Security

The Incident Response (IR) Lead is accountable for leading and maturing the orga...
Location
Location
Poland; Sweden; United Kingdom , Łódź; Stockholm; London
Salary
Salary:
Not provided
arrive.com Logo
Arrive
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions
  • Demonstrated experience leading and managing IR or SOC teams in complex environments
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs)
  • Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure
  • Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders
  • Experience developing and operationalizing playbooks, detection use cases, and response frameworks
  • Strong analytical and problem-solving capabilities, with attention to detail under pressure
  • Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities
  • Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement
  • Excellent written and verbal communication skills, including experience delivering executive briefings
Job Responsibility
Job Responsibility
  • Own and lead the Incident Response function, including strategy, governance, and operational execution
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making
  • Collaborate with internal teams and external partners to ensure seamless incident management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness
  • Fulltime
Read More
Arrow Right

Cybersecurity Manager - Detection and Response

Microsoft Incident Response – the Detection and Response Team (DART) – part of t...
Location
Location
United Kingdom , Multiple Locations
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Many years of people management and/or informal/indirect team leadership experience
  • Strong analytic, qualitative, and quantitative reasoning skills
  • Track record of successfully managing a technical business group and maintaining consistent growth
  • Recognized as a strategic leader who can hire, retain and motivate diverse quality talent
  • Experience leading both a services organization and product development function
  • Develop business strategy and provide technical thought leadership
  • Manage customer engagements escalations to ensure customer satisfaction
Job Responsibility
Job Responsibility
  • People Management: Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring
  • Strategic Initiatives: Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner
  • Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers
  • Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape
  • Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques
  • Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements
  • Fulltime
Read More
Arrow Right

Senior Information Security Incident Response Lead

The Senior Information Security Incident Response Lead is responsible for managi...
Location
Location
Mexico , Mexico
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology, Computer Science or related preferred
  • SANS GIAC Security Essentials (GSEC) or equivalent preferred
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred
  • Advanced experience in a Technology Information Security Industry
  • Advanced experience or knowledge of SIEM and IPS technologies
  • Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors
  • Advanced understanding of End Point Protection Software
  • Advanced understanding of Enterprise Detection and Response software
  • Advanced knowledge of technological advances within the information security arena
Job Responsibility
Job Responsibility
  • Manages the prevention and resolution of security breaches and ensure incident and problem management processes are initiated
  • Performs access management activities according to the policy
  • Implements and discusses security service audit schedules, review access authorization and perform the required access controls and testing to identify security weaknesses
  • Interacts with a global team of Cyber Security Analysts and specialists
  • Manages 2nd level triaging of security alerts, events, and notifications
  • Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees
  • Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders
  • Follows and updates established and/or ad-hoc processes and work instructions and create procedures where deficiencies are identified
  • Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults
  • Maintains an understanding of current and emerging threats, vulnerabilities, and trends
Read More
Arrow Right

Cyber Security Incident Response Lead

The Microsoft Detection and Response Team (DART) are seeking a skilled and exper...
Location
Location
United Kingdom , Multiple Locations
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Computer Science, Computer Security, or related field
  • Master's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • Bachelor's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • equivalent experience
  • Experience in high pressure incident response environments
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
Job Responsibility
Job Responsibility
  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats
  • Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
  • Fulltime
Read More
Arrow Right

Vuln and Exposure Response Manager

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
United Kingdom , Newbury
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in vulnerability investigation, incident response or threat-based testing
  • Practical experience of red teaming or purple teaming, including planning, scoping and translating findings into operational change
  • Strong investigative judgement and knowledge of attacker techniques across infrastructure, cloud and web applications
  • Ability to coordinate matrix teams and influence technical and business stakeholders globally
  • Clear communicator able to present technical findings as concise, risk-based recommendations
Job Responsibility
Job Responsibility
  • Lead high-impact investigations and remediation for critical vulnerabilities and to plan and govern red-team and purple-team exercises that materially reduce Vodafone’s external exposure
  • Lead investigations into critical vulnerabilities, responsible disclosures and detection gaps and decide on immediate containment actions where required
  • Plan, commission and govern red-team and purple-team exercises, including scoping, objective setting and selection of internal or external providers
  • Own the lifecycle of high-priority remediation notices, from drafting and prioritisation through to closure or documented risk acceptance
  • Translate investigative and adversarial findings into clear, actionable recommendations for process, people and technology, and drive these recommendations to completion with market and platform owners
  • Act as the single point of escalation for exposure-related issues and provide concise briefings to senior stakeholders on trends and required actions
What we offer
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
Read More
Arrow Right

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location
Location
United States , Irving, Texas, United States, New York, New York, United States
Salary
Salary:
250000.00 - 500000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
What we offer
  • Discretionary and formulaic incentive and retention awards
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right
New

Information Security Manager

We are looking for a Lab Security Manager who can rise to the complexity of prot...
Location
Location
United States , Austin
Salary
Salary:
152000.00 - 228000.00 USD / Year
amd.com Logo
AMD
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Background in semiconductor, hardware engineering, or other R&D-intensive industries where pre-release IP protection is mission-critical
  • Experience evaluating and securing connectivity to ODC (Outsourced Design Center) or OSAT (Outsourced Semiconductor Assembly and Test) partners, or equivalent third-party manufacturing and engineering partners in the semiconductor supply chain
  • Experience securing AI/ML compute infrastructure, including familiarity with GPU cluster deployments, fabric interconnects, and associated operational environments
  • One or more relevant certifications: CISSP, CISM, GIAC or equivalent
  • Experience working in or alongside a Security Operations Center (SOC), including familiarity with SIEM platforms, UEBA tools, and alert triage workflows
  • Prior experience in a role that required coordination across physical security, IT security, and legal/compliance functions simultaneously
  • BS/MS preferred in related field
  • SANS, MCSE, RHCSS, CISSP, CISA, CISM certification(s)
Job Responsibility
Job Responsibility
  • Define and enforce security standards across global labs and compute facilities
  • Partner with facilities teams to embed security into lab design and operations
  • Maintain site-specific security plans for critical locations
  • Establish security controls for large-scale compute environments (e.g., GPU clusters, AI farms)
  • Enforce network segmentation, monitoring, and anomaly detection
  • Mitigate risks at the intersection of physical and logical access
  • Lead protection of sensitive IP, including pre-release hardware and software
  • Develop insider threat controls and collaborate with HR, Legal, and SOC
  • Manage protocols for handling sensitive assets, visitors, and contractors
  • Ensure compliance with EAR, ISO, NIST, and other frameworks
  • Fulltime
Read More
Arrow Right
New

Incident Response Manager

As Incident Response Manager within our Security Operations team, you will perfo...
Location
Location
Portugal , Porto; Lisbon
Salary
Salary:
Not provided
https://www.tui.com Logo
TUI
Expiration Date
July 28, 2026
Flip Icon
Requirements
Requirements
  • You have experience practicing all technical, functional, and operational aspects of cyber security incident handling and response in an enterprise organization
  • Your ability to collect, analyze, and correlate cyber threat information enables you to manage incident response related to operating systems, servers, clouds, and relevant infrastructures
  • You bring strong knowledge of cyber incident handling standards, methodologies, and frameworks along with Secure Operation Centres platform technology such as SIEM, SOAR and CTI
  • You possess management skills for incident records, report writing and presentation with the ability to analyze and report security incidents to technical and non-technical stakeholders
  • Your communication skills, both written and verbal, enable you to influence information security and IT operations colleagues from around the world
  • You have solid understanding of cyber threats, Cyber Kill Chain, Attack and Defend Frameworks, along with knowledge of cyber security-related certifications, laws, regulations, and legislations
Job Responsibility
Job Responsibility
  • You'll contribute to the development, maintenance, and assessment of our Cyber Incident Response Plan while developing and implementing procedures related to incident handling
  • Identifying, analyzing, mitigating, and communicating cyber security incidents, you'll apply problem management to prevent incidents from reoccurring and measure detection and response effectiveness
  • We'll look to you to collect, analyze, and correlate cyber threat information from multiple sources, producing actionable intelligence for dissemination to stakeholders at tactical, operational, and strategic levels
  • Evaluating the resilience of cyber security controls, you'll adopt and develop incident handling testing techniques while establishing procedures for incident results analysis and reporting
  • Your role will involve cooperating with and supporting Secure Operation Centres and Computer Security Incident Response Teams while documenting incident handling actions comprehensively
  • Working closely with the Cyber Security Operations Lead, information security colleagues, IT operations teams globally, and key personnel, you'll ensure reporting of security incidents according to applicable regulatory and legal frameworks
What we offer
What we offer
  • Attractive remuneration
  • discretionary bonus schemes
  • generous travel benefits
  • extensive health & well-being support
  • Flexible working
  • dynamic working environment
  • Access the TUI Learning Hub
  • opportunities to work on global projects and teams
  • local charity and sustainability initiatives like the TUI Care Foundation
  • Fulltime
Read More
Arrow Right