
Incident Response Lead - Global Security

Poland; Sweden; United Kingdom, Łódź · Job Posted May 20, 2026

Job Description

The Incident Response (IR) Lead is accountable for leading and maturing the organization’s detection and response capability, ensuring efficient execution of incident handling, investigation, and recovery activities across Arrive. This role combines operational leadership with strategic oversight, ensuring the IR function remains resilient, scalable, and aligned with the evolving threat landscape.

The IR Lead drives day-to-day operations while shaping long-term improvements in processes, tooling, and methodologies. This includes ensuring incidents are identified, triaged, and resolved in a timely and structured manner, while continuously enhancing detection logic and response playbooks based on lessons learned.

This role requires a strong leader who can operate at both technical and strategic levels, bridging security operations with business priorities. The IR Lead is expected to translate incident insights into actionable improvements, strengthen cross-functional collaboration, and provide clear, risk-based communication to stakeholders, including senior leadership. Reporting to the Sr. Director of Security Operations, the IR Lead plays a central role in strengthening organizational cyber resilience and ensuring a coordinated, intelligence-driven response capability.

Job Responsibility

  • Own and lead the Incident Response function, including strategy, governance, and operational execution
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making
  • Collaborate with internal teams and external partners to ensure seamless incident management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness
  • Proactively hunt for threats and integrate intelligence to anticipate attacks
  • Develop and refine detection content and rules (e.g., SIEM, EDR) to map against adversary tactics
  • Identify gaps in current capabilities and lead initiatives to enhance tooling, automation, and operational maturity
  • Build and maintain strong collaboration with all our strategic MSSP and security vendors to enhance security operations and fully utilise available resources and expertise
  • Produce and present executive-level reporting, including incident trends, root cause analysis, and business impact assessments
  • Develop and maintain a repeatable incident orchestration standard for regular security incident tickets

Requirements

  • 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions
  • Demonstrated experience leading and managing IR or SOC teams in complex environments
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs)
  • Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure
  • Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders
  • Experience developing and operationalizing playbooks, detection use cases, and response frameworks
  • Strong analytical and problem-solving capabilities, with attention to detail under pressure
  • Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities
  • Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement
  • Excellent written and verbal communication skills, including experience delivering executive briefings
  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related discipline - a plus
  • Relevant certifications such as GCIH, GCFA, GSOM, or equivalent industry-recognized credentials - a plus

