Jobs · Information Technology · Georgia

Incident Response Manager

Fortuna Cysec · Atlanta, GA · 2 mo ago
On-siteInformation TechnologyFull-time

Description

Fortuna Cysec delivers unified cybersecurity operations through TheFense platform—our integrated MDR, SIEM, EDR, and response ecosystem designed for regulated industries, nonprofits, healthcare, education, and mission-driven organizations. Our global SOC/NOC operates 24×7×365, providing real-time visibility, rapid containment, and deep technical expertise across diverse customer environments. We are expanding our Incident Response leadership team with a hands-on technical manager who thrives in fast-moving investigations and can guide customers through their most critical security events.

Role Summary

The Cybersecurity Incident Response Manager leads and directly participates in high-severity investigations across Fortuna Cysec’s customer base. This role blends technical depth, operational leadership, and customer-facing communication. You will serve as the senior escalation point for complex incidents, drive containment and remediation, and strengthen TheFense platform’s detection and response capabilities.

Requirements

  • Lead and Execute Incident Response Command all phases of incident response—triage, investigation, containment, eradication, and recovery—while performing hands-on technical analysis.
    • Analyze EDR telemetry, SIEM alerts, network logs, cloud audit logs, and identity events across Microsoft, AWS, and hybrid environments.
      • Execute containment actions including endpoint isolation, identity disablement, MFA resets, OAuth token revocation, and firewall/network segmentation changes.
        • Conduct forensic acquisition and analysis using Velociraptor, KAPE, FTK, EnCase, and Volatility.
          • Reverse-engineer or sandbox suspicious binaries/scripts to determine behavior and impact.

Required Qualifications

  • 5–10+ years of hands-on experience in incident response, threat hunting, SOC operations, or digital forensics.
    • Deep technical expertise with EDR platforms (Microsoft Defender, SentinelOne, CrowdStrike, Carbon Black).
  • Strong SIEM experience with log parsing, correlation, and custom detection creation (Wazuh, Microsoft Sentinel, Elastic, Splunk).
  • Strong Windows Servers, Office 365 & Azure EntraID / Intune Experience
  • Hands-on experience with cloud IR in Azure, AWS, and hybrid environments.
  • Proficiency with forensic tools (Velociraptor, KAPE, FTK, EnCase) and memory analysis frameworks (Volatility).
  • Strong understanding of identity security (Entra ID, Okta), email security (M365, Proofpoint), and SaaS compromise patterns.
  • Strong understanding of MITRE ATT&CK, NIST 800-61, CIS Controls, ISO 27035.
  • Ability to communicate complex technical findings to both technical and executive audiences.
  • Relevant certifications: GCIA, GCFA, GCIH, GNFA, CISSP, or equivalent experience.

Preferred Qualifications

  • Experience in an MDR, MSSP, or IR consulting environment.
  • Scripting/automation skills in Python or PowerShell.
  • Experience with malware analysis, cloud forensics, or identity compromise investigations.
  • Experience supporting regulated industries (HIPAA, FERPA, PCI-DSS, SOX, CJIS) and mission-driven organizations.

Similar jobs

Case Manager

The Family PlaceDallas, TX· 1 mo ago
Managementapply on paycomonline.net

Case Manager

St. Vincent de Paul of BaltimoreBaltimore, MD· 1 wk ago
Managementapply on paycomonline.net

Case Manager

The Salvation Army Southern CaliforniaAnchorage, AK· 2 wk ago
Healthcareapply on recruiting2.ultipro.com

Case Manager

Encompass HealthBrooksville, FL· 1 wk ago
Managementapply on careers.encompasshealth.com

Case Manager

Chicago Public SchoolsChicago, IL· 4 days ago
Management$64k–$83k/yrapply on cpsk12il.taleo.net

Case Manager

Talented Medical SolutionsRio Rancho, NM· 1 mo ago
Managementapply on app.workwolf.com