Cybersecurity Operations & Incident Response Lead
About Us
Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation. At Coastal, we think and move like entrepreneurs; focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we’d love to meet you. Check out our video here!
Overview
The Cybersecurity Operations & Incident Response Lead builds and runs Coastal’s 24×7 security operations capability—people, processes, and technology—across a hybrid environment that blends legacy on-premises systems with modern cloud services and custom-developed APIs. You will lead security monitoring, incident response, detection engineering/content development, and vulnerability management. You’ll also own the relationship with our third-party SOC, ensuring use-cases, playbooks, and tuning are tightly aligned to our business, our risk profile, and our environment.
Responsibilities
- To Include Security Monitoring & Detection Engineering
- Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to: Core technology infrastructure, Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network, Productivity/G&A systems, M365, SaaS, Business-specific systems, Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems
- Coordinate with Engineering and IT to build detection engineering into system development lifecycle
- Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates
- Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows
- Incident Response
- Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance
- Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks
- Maintain and exercise incident response plans through tabletop and similar activities
- Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation
- Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts
- Vulnerability & Exposure Management and Threat Hunting
- Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs
- Prioritize remediation using risk-based scoring and exploit intelligence
- Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps
- Build and maturing a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap
- SOCMSP Governance
- Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment
- Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations
- Security and Threat Operations Leadership
- Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery
- Develop and report on KPIs and KRIs for the Security and Threat Operations function
- Governance, Risk, Audit & Reporting
- Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile)
- Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction
- Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications
- Culture, Training & Readiness
- Coach analysts on analytical rigor, bias reduction, and structured investigations
- Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship
Qualifications
- Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs
- Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA
- Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication
- Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration
- Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming)
- Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times
- Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders
- Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes
Education/Experience
- 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting
- 3+ years team lead experience
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience
- Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred
How You’ll Thrive At Coastal
- Be the Best – Communicate effectively, pay close attention to detail, and prioritize your personal development
- Relentless – Thrive in a goal-oriented environment exercising both patience and persistence. Advocate for our customers and team members and strive to promote the Coastal Difference
- Un-Bankey – Be a forward thinker with a creative mindset. Build long-lasting relationships promoting the Coastal Difference, built on a foundation of integrity, honesty, and trust
- Un-Bankey – Use sound judgment while decision-making and problem-solving. Think outside the box
- Flexible – Organize and strategize effectively while always being prepared to adapt on the fly. Seek efficiencies for Coastal to work smarter, not harder
- Take Care of Each Other – Understand what it means to be a true team player and have your teammate's back. Practice self-awareness and build your emotional intelligence
Benefits
- Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle
- Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions
- Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs
- Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly
- Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents
- Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury
- Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most
- 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future
- Paid Time Off: Generous vacation and sick leave policies to support your time away from work
- Holidays: Enjoy 11 paid holidays throughout the year
Compensation Range
$141,462 - $169,755