Security and Incident Response Lead

The Cyber Defense Detection & Response role is responsible for ensuring the 24/7 monitoring, detection, investigation, and response to cybersecurity threats across the enterprise. This position is part of the Global Security Operations Center (SOC) and is critical to safeguarding the company’s SaaS platforms, customer trust, and supply-chain operations.

By leveraging advanced detection technologies, AI-driven playbooks, and threat intelligence, the Detection & Response team reduces attacker dwell time, accelerates containment, and ensures compliance with IPO-grade regulatory requirements (e.g., SEC, FedRAMP, J-SOX).

Key Responsibilities

• Threat Monitoring & Detection
• Continuously monitor SIEM, EDR/XDR, IDS/IPS, cloud telemetry, and threat intelligence feeds.
• Develop and tune detection rules/playbooks aligned to MITRE ATT&CK.
• Incident Response
• Investigate and triage security alerts, escalating high-priority threats within defined SLAs.
• Execute containment, eradication, and recovery procedures in coordination with IT Ops and DevSecOps.
• Threat Hunting & Proactive Defense
• Conduct proactive threat hunts to identify hidden adversary activity.
• Participate in red team/purple team exercises to validate and improve detection capabilities.
• Automation & Efficiency
• Develop and improve SOAR (Security Orchestration, Automation, and Response) playbooks.
• Contribute to AI-assisted incident detection and response initiatives to reduce MTTR.
• Compliance & Reporting
• Document incidents in compliance with SEC, FedRAMP, ISO 27001, and SOC 2 requirements.
• Support regulatory and customer audits with evidence of SOC effectiveness.
• Collaboration
• Partner with IT, Cloud Engineering, Product Security, and Physical Security teams to contain multi-vector incidents.
• Provide input into cyber defense roadmaps and capability maturity.