Incident Commander, Lead

Key Role:
Maintain responsibility for the management, supervision, and coordination of cybersecurity incidents for clients. Lead significant or high-profile incidents, including validating and escalating incidents and coordinating response activities across client business groups. Provide rapid, independent decision making in stressful or fluid situations, including those that impact critical business systems. Leverage expertise in decision-making, weigh the relative costs and benefits of potential actions, and identify the most appropriate one. Provide strategic guidance on and tracking of tools, visibility, or capabilities gaps affecting the information security posture. Serve as a liaison between the Security Operations Center and the impacted business and technical teams during an incident. Test and update incident response plans and processes to address existing and emerging threats.

Basic Qualifications:

- 5+ years of experience with leading project delivery teams with private sector clients as a technical consultant

- 3+ years of experience with cybersecurity consulting

- 3+ years of experience with incident response and security operations

- Experience with triage analysis, forensics, threat hunting, and cyber threat intelligence

- Ability to lead fast-paced delivery in challenging commercial environments, work with senior leaders to foster positive client relationships, identify new business opportunities with existing clients, and develop new intellectual capital

- Ability to build relationships with technology vendors and develop mutually beneficial partnerships

- BA or BS degree

Additional Qualifications:

- 4+ years of experience with leading significant or high-profile incidents, including validating and escalating incidents and coordinating response activities across multiple entities

- Experience with large-scale and complex incidents of all types, including APT, DDoS, insider, web and mobile applications, or data exfiltration

- Experience with providing strategic guidance on and tracking of tools, visibility, or capabilities gaps affecting the information security posture

- Experience with testing and updating incident response plans and processes to address existing and emerging threats

- Experience with key cybersecurity operations-related tools, including SIEM and TIP

- Knowledge of forensic analysis and Big Data concepts

- Ability to make rapid, independent decisions in stressful or fluid situations, including those that impact critical life, safety, and business systems

- Ability to provide clients with timely reports and updates

- Ability to travel up to 80% of the time

- Possession of excellent oral and written communication skills with multiple stakeholders to be a liaison between the Security Operations Center and business and technical teams during an incident

- Security certifications, including GCIH, GCIA, GCFA, and GCFE

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
