Job Description

We are seeking a seasoned Incident Response expert to lead threat detection, incident response, and operational defense strategies. This role is hands-on and strategic, focused on enhancing detection capabilities, automating response workflows, and driving continuous improvement across cybersecurity operations.

Key Responsibilities

• Lead end-to-end threat management : detection, analysis, containment, eradication, and recovery.
• Coordinate incident response across teams ; ensure timely resolution and documentation.
• Develop and maintain incident response plans and playbooks.
• Conduct threat hunting to identify gaps and improve detection coverage.
• Create and refine SIEM correlation rules to detect complex attack patterns and reduce false positives.
• Integrate threat intelligence feeds to enhance detection and response.
• Apply machine learning and behavioral analytics to identify anomalies and advanced threats.
• Fine-tune configurations of SIEM, EDR, IDS/IPS tools for optimal performance.
• Conduct phishing simulations; develop training programs to improve user awareness.
• Integrate and analyze logs from diverse sources: network, servers, applications, cloud.
• Automate threat response workflows using SOAR platforms.
• Stay current with emerging threats and cybersecurity trends.
• Contribute to the organization’s overall cybersecurity strategy.

Qualifications

• Bachelor’s degree in a related field and 9+ years of cybersecurity experience, or equivalent.
• Certifications: CISSP, CISM, CEH, OSCP, GIAC or similar required.
• Extensive SOC experience with strong background in threat detection, incident response, and threat hunting.
• Proven success implementing and managing SOAR platforms.
• Experience with threat intelligence platforms and proactive threat hunting.
• Skilled in phishing simulation design and analysis.
• Strong understanding of cloud, network, and application security.
• Experience in Biotech/Pharma is a plus.

Technical Skills

• Proficiency with SIEM (Splunk, QRadar), EDR (CrowdStrike, Cortex), IDS/IPS (Snort, Suricata).
• Strong scripting skills (Python, PowerShell) for automation and detection enhancement.
• Ability to integrate diverse log sources and develop high-fidelity alerts.
• Familiarity with MITRE ATT&CK framework and behavioral analytics.
• Deep knowledge of DNS, network protocols, firewalls, VPNs, WAFs, email security, DLP, cryptography, endpoint protection.

Soft Skills

• Excellent communication and collaboration across technical and non-technical teams.
• Strong analytical, planning, and time management skills.
• Resourceful, proactive, and committed to continuous learning.
• Ability to mentor team members and foster vendor relationships.
• Skilled in applying cybersecurity frameworks (NIST, ISO 27001, PCI-DSS) to business needs.

Equal Opportunity Employer/Veterans/Disabled

To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to

The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:

• The California Fair Chance Act

• Los Angeles City Fair Chance Ordinance

• Los Angeles County Fair Chance Ordinance for Employers

• San Francisco Fair Chance Ordinance

Job Tags

Similar Jobs