Security IR Director

You will lead and own responses to large-scale, high-impact cyber incidents. You will act as Incident Commander during major security events, coordinate technical and cross-functional stakeholders, run tabletop exercises, drive containment and recovery, perform post-incident reviews, and track incident response metrics to improve readiness.

Responsibilities

• Serve as Incident Commander for high-severity cyber incidents
• Lead company-wide incident response efforts across technical and operational teams
• Orchestrate crisis management teams and ensure clear ownership and decision-making
• Coordinate response activities with legal, communications, product, and executive stakeholders
• Drive rapid containment, eradication, and recovery while balancing business continuity and regulatory obligations
• Provide timely, concise, and actionable updates to executive leadership
• Own and improve the incident response framework including severity definitions and escalation paths
• Design and run executive-level incident simulations and tabletop exercises
• Conduct high-quality post-incident reviews and track implementation of lessons learned
• Define and track incident response metrics such as MTTD and MTTR

Requirements

• 10+ years in cybersecurity with significant incident response management experience
• Proven experience leading large-scale, cross-company cyber incidents
• Demonstrated experience acting as Incident Commander for at least 15 incidents in the past 5 years
• Strong understanding of cloud and SaaS architectures
• Knowledge of identity, access control, and infrastructure security
• Experience with detection and response technologies including SIEM and EDR and cloud-native tools
• Offensive security background
• Hands-on experience in forensics, threat hunting, or security engineering
• Ability to translate technical facts into business impact and make risk-based decisions
• Experience engaging with executive leadership and board-level stakeholders