Head of Cyber Incident Response
Guardian Life · New York, NY · 2 wk ago
HybridInformation Technology$152k–$250k/yrFull-time
About the role
This role sits at the intersection of hands-on incident response, threat mitigation, and team leadership. You will be part of a highly collaborative cyber defense organization, leading the response to high-impact security incidents while mentoring and developing the next generation of incident responders.
Responsibilities
- Lead and mentor a team of incident response and forensics professionals in a hands-on leadership role.
- Serve as the senior escalation point within the team responsible for investigating complex, high-impact cyber incidents advanced from the SOC.
- Act as incident commander or technical lead, coordinate response actions with leadership across cybersecurity security teams while collaborating with legal, enterprise technology, engineering, and other internal teams.
- Manage the organization’s Corporate Cyber Incident Response capability, including coordination and execution.
- Develop, maintain, and test incident response plans, playbooks, quick-reference guides, and crisis communication procedures.
- Partner with first-line SOC teams to build muscle memory, clarify containment authorities, and standardize response actions.
- Collaborate with business continuity/disaster recovery teams to ensure an integrated response to large-scale cyber events.
- Drive continuous improvement of logging, monitoring, detection coverage, and UBA capabilities, proactively identifying gaps.
- Ensure incidents are tracked, reported, and reviewed, with high-quality after-action reports and meaningful metrics.
- Manage third-party incident response retainers, readiness exercises, and periodic simulations.
- Collaborate across teams through the hosting of cross-functional incident response training events, and debriefs to align on threats, trends, and lessons learned.
- Champion risk mitigation initiatives and improvements to security control effectiveness.
- Collaborate with cybersecurity leadership on strategy, roadmap development, vendor management, and talent planning.
- Contribute to enterprise programs such as DLP and insider risk management.
- Support internal and external audits, regulatory requests, and due diligence activities.
- Continuously identify opportunities to enhance incident response maturity, automation, and cyber defense capabilities.
- Develop standard operating procedures for our 1st line SOC based on threats/observed incidents.
Requirements
- 7-10 years of overall cybersecurity experience, with a focus in digital forensics, incident response, SOC, or threat mitigation.
- Broad and deep technical expertise across enterprise environments, including public cloud and SaaS platforms.
- 3+ years of security leadership experience, ideally in incident response or cyber defense, with a player/coach mindset.
- Strong command of incident response methodologies, digital forensics principles, and evidence handling.
- Knowledge and experience in threat hunting, malware analysis, attacker techniques, and common vulnerabilities.
- Practical experience working with NIST CSF, MITRE ATT&CK, and related security frameworks.
- Hands-on experience with SIEM and log analytics platforms including logging, monitoring, insider threat, and UBA concepts.
- Ability to translate cyber threat intelligence into actionable detections, mitigations, and response strategies.
- Experience operating in regulated environments, preferably financial services or insurance, with understanding of U.S. privacy regulations.
- Proven ability to lead, mentor, and develop high-performing technical teams.
- Strong written and verbal communication skills, with experience engaging technical teams, executives, and cross-functional partners.
- Analytical, curious, and resilient under pressure; able to think structurally and creatively during incidents.
Qualifications
- BS or MS in cyber security, digital forensics, or equivalent experience and/or industry certifications preferred.
- A continuous, lifelong learner with a desire to grow into broader cyber leadership.
Skills
- Leadership and mentoring skills.
- Technical expertise in digital forensics, incident response, and threat mitigation.
- Communication and collaboration skills.
- Ability to handle complex, high-impact incidents.
- Experience with SIEM and log analytics platforms.
- Knowledge of security frameworks and regulations.
- Ability to lead and mentor teams.
Benefits
N/A
Pay
$152,290.00 - $250,195.00
Schedule
Three days a week at a Guardian office in New York, NY or Holmdel, NJ; 20% travel to other Guardian Offices as needed.