The Incident Response Lead plays a pivotal role within the Security Operations team, acting as a strategic leader in managing responses to sophisticated security threats. This position involves planning and refining the incident management framework, driving initiatives to enhance the organization’s cybersecurity posture, and fostering a culture of continuous improvement and resilience. The role also includes collaborating with stakeholders at all levels to effectively communicate incident management processes and updates.

MAJOR RESPONSIBILITIES:

- Conduct thorough analyses of security data, providing actionable recommendations for improvements to the security network while ensuring effective communication of issues and solutions to both technical and non-technical audiences. This includes addressing daily reported issues from internal users.
- Investigate adversarial Tactics, Techniques, and Procedures (TTPs), and create innovative detection and prevention strategies across various environments, with a focus on the organization's SIEM solution.
- Monitor alerts and events from firewalls, SIEM systems, IDS, and networking devices to systematically identify security vulnerabilities and determine their root causes using a methodical approach.
- Collaborate with senior engineers and technology leadership to define and implement security-driven process enhancements.
- Develop and maintain comprehensive security documentation, including security architecture diagrams, procedural guides, and organizational security standards.

PROBLEM SOLVING & DECISION MAKING:

The Incident Response Lead must demonstrate strong problem-solving and decision-making skills to effectively navigate the complexities of the role. The individual will need to coordinate and make critical decisions in high-pressure and ambiguous scenarios. This includes daily operational decisions and collaborating with senior management to tackle broader issues impacting the organization.
REQUIREMENTS:

Education and Experience:

- Bachelor’s degree or equivalent combination of education and experience.
- 5 years of experience in security engineering, with at least 3 years in a security-focused role.
- 1-2 years of experience with Azure.
- Familiarity with project management methodologies in large-scale enterprise and service provider environments.

Skills/Knowledge:

- Comprehensive understanding of:
  - Computer forensic analysis
  - Firewall technologies
  - SIEM configuration and content development
  - IP networking (TCP/IP and packet analysis)
  - IPS/IDS attack methodologies
  - Two-factor authentication systems
  - Scripting languages such as PowerShell or Python
- Knowledge of Linux and Windows system administration is advantageous.
- Ability to synthesize diverse data points across multiple technical and business domains.
- Highly analytical, organized, and self-motivated.
- Capable of making complex recommendations to management.
- Proficient in leading and coordinating solutions for intricate issues.
- Expertise in managing complex security incidents with a robust understanding of the evolving cybersecurity landscape and threats.
- Excellent organizational and planning skills to manage multiple projects and priorities effectively.
- Experience implementing new security tools in large-scale environments.
- Relevant certifications such as CISSP, GPEN, CEH, and other network security qualifications are preferred.
- Advanced knowledge in designing and managing complex next-gen firewall infrastructures, including firewall, IPsec VPN, IPS/IDS, and advanced networking technologies.
- Strong communication skills to convey technical information clearly and effectively to a variety of audiences.
- Ability to build strong relationships and alliances within the organization.
- Proficient in accurately translating and producing technical information for a general audience.