Incident Response Manager
Description
Fortuna Cysec delivers unified cybersecurity operations through TheFense platform—our integrated MDR, SIEM, EDR, and response ecosystem designed for regulated industries, nonprofits, healthcare, education, and mission-driven organizations. Our global SOC/NOC operates 24×7×365, providing real-time visibility, rapid containment, and deep technical expertise across diverse customer environments. We are expanding our Incident Response leadership team with a hands-on technical manager who thrives in fast-moving investigations and can guide customers through their most critical security events.
Role Summary
The Cybersecurity Incident Response Manager leads and directly participates in high-severity investigations across Fortuna Cysec’s customer base. This role blends technical depth, operational leadership, and customer-facing communication. You will serve as the senior escalation point for complex incidents, drive containment and remediation, and strengthen TheFense platform’s detection and response capabilities.
Requirements
- Lead and Execute Incident Response Command all phases of incident response—triage, investigation, containment, eradication, and recovery—while performing hands-on technical analysis.
- Analyze EDR telemetry, SIEM alerts, network logs, cloud audit logs, and identity events across Microsoft, AWS, and hybrid environments.
- Execute containment actions including endpoint isolation, identity disablement, MFA resets, OAuth token revocation, and firewall/network segmentation changes.
- Conduct forensic acquisition and analysis using Velociraptor, KAPE, FTK, EnCase, and Volatility.
- Reverse-engineer or sandbox suspicious binaries/scripts to determine behavior and impact.
- Conduct forensic acquisition and analysis using Velociraptor, KAPE, FTK, EnCase, and Volatility.
- Execute containment actions including endpoint isolation, identity disablement, MFA resets, OAuth token revocation, and firewall/network segmentation changes.
- Analyze EDR telemetry, SIEM alerts, network logs, cloud audit logs, and identity events across Microsoft, AWS, and hybrid environments.
Required Qualifications
- 5–10+ years of hands-on experience in incident response, threat hunting, SOC operations, or digital forensics.
- Deep technical expertise with EDR platforms (Microsoft Defender, SentinelOne, CrowdStrike, Carbon Black).
- Strong SIEM experience with log parsing, correlation, and custom detection creation (Wazuh, Microsoft Sentinel, Elastic, Splunk).
- Strong Windows Servers, Office 365 & Azure EntraID / Intune Experience
- Hands-on experience with cloud IR in Azure, AWS, and hybrid environments.
- Proficiency with forensic tools (Velociraptor, KAPE, FTK, EnCase) and memory analysis frameworks (Volatility).
- Strong understanding of identity security (Entra ID, Okta), email security (M365, Proofpoint), and SaaS compromise patterns.
- Strong understanding of MITRE ATT&CK, NIST 800-61, CIS Controls, ISO 27035.
- Ability to communicate complex technical findings to both technical and executive audiences.
- Relevant certifications: GCIA, GCFA, GCIH, GNFA, CISSP, or equivalent experience.
Preferred Qualifications
- Experience in an MDR, MSSP, or IR consulting environment.
- Scripting/automation skills in Python or PowerShell.
- Experience with malware analysis, cloud forensics, or identity compromise investigations.
- Experience supporting regulated industries (HIPAA, FERPA, PCI-DSS, SOX, CJIS) and mission-driven organizations.