Lead - Detect & Response

Jumio

Job Summary

This role leads Jumio’s Detect and Respond function, responsible for incident response, threat detection, and cyber defense operations across cloud, endpoint, and identity systems. The goal is to strengthen Jumio’s ability to detect, respond, and recover from cyber threats quickly and effectively, while fostering a culture of proactive security. The position directly supports Jumio’s trust, resilience, and compliance goals by improving detection capabilities, automating response processes, and reducing incident impact, thereby protecting customer data, business operations, and company reputation.

Must Have

  • Lead Jumio’s Detect and Respond function.
  • Own and evolve the Detect & Respond strategy.
  • Lead 24x7 Security Operations Center (SOC) and incident response lifecycle.
  • Manage external IR retainers, vendors, and threat intelligence services.
  • Oversee detection engineering and threat hunting across Panther SIEM, CrowdStrike Falcon, and Okta/AWS telemetry.
  • Ensure all D&R controls, processes, and automations operate effectively.
  • Lead security crisis simulations, tabletop exercises, and post-incident reviews.
  • Track and report KPIs/KRIs (e.g., MTTD, MTTR, detection coverage %).
  • Identify, document, and report risks to the CISO and executive stakeholders.
  • Manage CSIRT relationships, escalation protocols, and cross-team coordination during major incidents.
  • Oversee and support penetration testing, vulnerability management, and red/purple team exercises.
  • 8 years of experience in Cybersecurity Operations, DFIR, Threat Detection, or SOC leadership.
  • Proven success in designing and implementing unified detection and response programs.
  • Experience leading investigations against Advanced Persistent Threats (APT), malware, and targeted attacks.
  • Deep understanding of AWS Security (CloudTrail, GuardDuty, IAM, KMS, S3, Lambda, EKS) and CrowdStrike Falcon (EDR, CNAPP, Identity, DLP).
  • Strong background in SIEM engineering (Panther), threat hunting (KQL/Sigma), and automation using Python.
  • Practical experience with incident management, digital forensics, and data breach response.
  • Working knowledge of MITRE ATT&CK, ISO 27001, SOC2, and PCI DSS frameworks.
  • Experience managing and optimizing partnerships with third-party security providers and MSSPs.
  • Excellent analytical, communication, and leadership skills.

Good to Have

  • Relevant certifications such as CISSP, CISM, CEH, or GIAC preferred.
  • Fast learner, adaptable, and capable of operating in a global, fast-paced, and collaborative environment.

Perks & Benefits

  • Opportunity to shape a global capability from the ground up.
  • Continual learning highly encouraged, especially within security.
  • Upskilling and qualifications highly valued.
  • Work in a hub of technical excellence with Machine Learning enablement.
  • Collaborative and fast-paced global environment.
  • Focus on eradicating online identity fraud, money laundering, and other financial crimes.
  • Diverse and inclusive work environment.

Job Description

Role Purpose:

This role leads Jumio’s Detect and Respond function: responsible for incident response, threat detection, and cyber defense operations across cloud, endpoint, and identity systems. The goal is to strengthen Jumio’s ability to detect, respond, and recover from cyber threats quickly and effectively, while fostering a culture of proactive security across the company.

Role Value:

The role directly supports Jumio’s trust, resilience, and compliance goals. By improving detection capabilities, automating response processes, and reducing incident impact, this position helps protect customer data, business operations, and the overall reputation of the company.

Example Responsibilities

  • Own and evolve the overall Detect & Respond strategy—influencing technology, engineering, and managed service partners to advance Jumio’s security posture.
  • Lead the 24×7 Security Operations Center (SOC) and govern the end-to-end incident response lifecycle (prepare → detect → contain → eradicate → recover → lessons learned).
  • Manage external IR retainers, vendors, and threat intelligence services, ensuring relevant intelligence is contextualized and acted upon.
  • Oversee detection engineering and threat hunting across Panther SIEM, CrowdStrike Falcon, and Okta/AWS telemetry.
  • Support the creation, maintenance, and embedding of incident response playbooks and escalation processes.
  • Ensure all D&R controls, processes, and automations operate effectively and are continuously improved.
  • Lead security crisis simulations, tabletop exercises, and post-incident reviews to improve organizational readiness.
  • Interface with Engineering, IT, and Product teams to guide security design, response preparedness, and operational controls.
  • Track and report KPIs/KRIs (e.g., MTTD, MTTR, detection coverage %, incident closure rate, SIEM ingestion efficiency).
  • Identify, document, and report risks to the CISO and executive stakeholders.
  • Manage CSIRT relationships, escalation protocols, and cross-team coordination during major incidents.
  • Oversee and support penetration testing, vulnerability management, and red/purple team exercises.
  • Drive security awareness, empower people, and promote a positive cybersecurity culture across teams.
  • Ensure lessons from incidents and exercises feed back into improved detections, playbooks, and training.

Experience and Qualifications

  • 8 years of experience in Cybersecurity Operations, DFIR, Threat Detection, or SOC leadership, with experience in leading teams.
  • Proven success in designing and implementing unified detection and response programs across cloud, endpoint, and identity environments.
  • Experience leading investigations against Advanced Persistent Threats (APT), malware, and targeted attacks.
  • Deep understanding of AWS Security (CloudTrail, GuardDuty, IAM, KMS, S3, Lambda, EKS) and CrowdStrike Falcon (EDR, CNAPP, Identity, DLP).
  • Strong background in SIEM engineering (Panther), threat hunting (KQL/Sigma), and automation using Python.
  • Practical experience with incident management, digital forensics, and data breach response.
  • Working knowledge of MITRE ATT&CK, ISO 27001, SOC2, and PCI DSS frameworks.
  • Experience managing and optimizing partnerships with third-party security providers and MSSPs.
  • Excellent analytical, communication, and leadership skills with a structured, hands-on approach.
  • Relevant certifications such as CISSP, CISM, CEH, or GIAC preferred.
  • Fast learner, adaptable, and capable of operating in a global, fast-paced, and collaborative environment.

Key Characteristics and Attitudes

In a recent global survey, these attributes were valued by Jumios in all locations and functions - we firmly believe in hiring for attitude as well as skill.

  • Friendly and supportive
  • Adaptable and flexible
  • Articulate and persuasive
  • High IQ and EQ
  • Curious and coachable
  • Commercially aware
  • Resilient and tenacious
  • Big picture and the detail

Jumio Values

  • IDEAL: Integrity, Diversity, Empowerment, Accountability, Leading Innovation

Progression

This is an opportunity to shape a global capability from the ground up. The role will move from a senior, hands-on contributor into a team lead. Continual learning is highly encouraged at Jumio, especially within security, where up-to-date skills and qualifications are highly valued.

@Work

Jumio's newest office is next to Walmart Labs in Helios Business Park and growing fast. A hub of technical excellence with Machine Learning enablement at its core, the engineers and team are committed to learning and innovation.

Company

Jumio is the future for online and mobile ID verification. We are the largest and fastest growing company in the ID verification space. With a global footprint, we’re expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.

Equal Opportunities

Jumio is a collaboration of people with different ideas, strengths, interests and cultures. We welcome applications and colleagues from all backgrounds and of all statuses.

About Jumio:

Jumio is a B2B technology company dedicated to eradicating online identity fraud, money laundering and other financial crimes to help make the internet safer. We leverage AI, biometrics, machine learning, liveness detection and automation to create solutions that are trusted by leading brands worldwide and respected by industry thought leaders.

Jumio is the leading provider of online identity verification, eKYC and AML solutions. With a global footprint, we’re expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.

Applicant Data Privacy

We will only use your personal information in connection with Jumio’s application, recruitment, and hiring processes, as described in Jumio’s Applicant Privacy Notice.

If you have any questions or comments, please send an email to privacy@jumio.com.

9 Skills Required For This Role

Team Management, Talent Acquisition, Game Texts, Ethical Hacking, Incident Response, AWS, Threat Intelligence, Python, Machine Learning
