CSOC Incident Response Lead

The Cybersecurity Security Operations Center (CSOC) Incident Response (IR) Lead is a cybersecurity professional responsible for overseeing and coordinating the response to all security incidents within the organization, acting as the primary decision-maker during a breach by leading the incident response team, assessing the situation, implementing response plans, and communicating updates to stakeholders throughout the incident lifecycle, with the primary goal of minimizing risk and restoring operations quickly and safely. This role requires a strategic thinker with strong leadership and technical skills, capable of making quick and informed decisions in high-pressure situations. Ability to support the IR lifecycle using our Security Information and Event Monitoring (SIEM) and Security Orchestration and Automated Response (SOAR) technologies.

This role reports directly to the CSOC manager.

• Serve as the primary point of contact and decision-maker during cybersecurity incidents.
• Assist in utilization of full CSOC toolset in support of IR (i.e. SIEM / SOAR, sandbox, email security, End Point Detection and Response, etc.)
• Lead and coordinate incident response efforts within the Triage & Response team, including mobilizing resources, assessing the situation, and implementing response plans.
• Collaborate with internal and external stakeholders to gather information, assess impact, and prioritize response actions.
• Provide clear and timely communication to stakeholders, including executive leadership, throughout the incident lifecycle.
• Implement and refine the analysis and forensics process.
• Implement and refine incident response procedures, protocols, and playbooks to enhance effectiveness and efficiency.
• Conduct monthly post-incident reviews to help identify lessons learned, areas for improvement, and enforce consistent action item remediation with analysts, engineers, and relevant stakeholders.
• Stay abreast of emerging cyber threats, vulnerabilities, and best practices in incident response through collaboration with Vulnerability management and Cyber Threat Intelligence teams.
• Hold monthly workshops with stakeholders from Information Technology and Operational Technology to discuss on-going and future initiatives related to Incident Response.
• Collaborate with security engineers to enhance detection and playbook automation.
• Lead tabletop exercises with CSOC team members and internal stakeholders to facilitate training, identify gaps, and support continuous improvement.
• Assist with managing the IR database to ensure adherence to audit and compliance requirements.
• Support CSOC manager with vendor management of the IR retainer(s).
• Oversee formal / informal IR training. Identify training opportunities with unused IR retainer credits.

Formal Education & Certification

Knowledge & Experience

Preferred Experience

Personal Attributes