Incident Response & Threat Intelligence Manager

About The Position

Requirements

• 8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises.
• Proven experience managing globally distributed teams and leading major cyber incidents.
• Strong hands‑on understanding of DFIR, threat intelligence, and threat hunting processes.
• Experience with a wide breadth of enterprise security tooling.
• Experience working cross‑functionally with Legal, Privacy, Compliance, and Executive Leadership.
• Exceptional written and verbal communication skills, including executive‑level briefings.

Nice To Haves

• Experience in a Fortune 500 or similarly complex, regulated environment.
• Certifications such as GCIH, GCFA, GCED, CISSP, CISM, or equivalent.
• Familiarity with MITRE ATT&CK, NIST 800‑61, and/or SOC CMM Framework

Responsibilities

• Lead and continue to develop a geographically dispersed, follow‑the‑sun team across threat intelligence, digital forensics incident response, and threat hunting functions.
• Maintain operating models, on‑call rotations, escalation paths, and coverage aligned to global business needs.
• Coach senior analysts, build succession plans, and drive consistent performance, engagement, and retention.
• Own enterprise incident response strategy, playbooks, and readiness activities, aligned to NIST and industry best practices.
• Serve as Incident Commander for high-severity cyber incidents; coordinate technical response, executive communications, and cross-functional decision-making.
• Ensure effective containment, eradication, recovery, and post-incident remediation, including executive-level readouts and lessons learned.
• Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments.
• Ensure defensible chain‑of‑custody processes and support legal, HR, privacy, and regulatory investigations as required.
• Maintain enterprise DFIR standards, tooling, and investigative quality.
• Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization.
• Translate intelligence into actionable outcomes, including detection engineering, threat hunting focus areas, and executive briefings.
• Integrate internal telemetry with external intelligence sources and trusted sharing communities.
• Drive hypothesis‑based threat hunting aligned to adversary behaviors and business-critical risks.
• Partner with SOC and Detection Engineering teams to improve detection coverage, fidelity, and response speed.
• Sponsor purple team exercises to validate controls and surface gaps.
• Own the roadmap and effectiveness of DFIR, TI, and threat hunting tooling (e.g. TIP and forensics platforms).
• Increase automation and orchestration to accelerate investigation and response at enterprise scale.
• Collaborate with security engineering teams to embed intelligence‑led security improvements.
• Ensure alignment with regulatory, legal, and internal governance requirements globally.
• Define, track, and report KPIs and KRIs (e.g., incident trends and threat hunting / intelligence reports) to executive and board‑level audiences.
• Translate technical risk into clear business impact and investment guidance.