Cybersecurity Operations – Incident Response Lead
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Cybersecurity Operations Lead managing 24×7 security operations and incident response for Coastal's hybrid banking environment. Leading detection, response, and vulnerability management to protect businesses and clients.
Responsibilities:
- Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to: Core technology infrastructure: Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network, Productivity/G&A systems: M365, SaaS, Business-specific systems: Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems.
- Coordinate with Engineering and IT to build detection engineering into system development lifecycle.
- Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates.
- Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows.
- Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.
- Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
- Maintain and exercise incident response plans through tabletop and similar activities.
- Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.
- Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.
- Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.
- Prioritize remediation using risk-based scoring and exploit intelligence.
- Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps.
- Building and maturing a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap.
- Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment.
- Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations.
- Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
- Build and maintain a Security and Threat Operations strategy in coordination with the Director of Security Engineering and Operations, CISO, and other stakeholders, including software engineering, data engineering, and IT.
- Develop and report on KPIs and KRIs for the Security and Threat Operations function.
- Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).
- Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.
- Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.
- Coach analysts on analytical rigor, bias reduction, and structured investigations.
- Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship.
Requirements:
- Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs.
- Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.
- Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication.
- Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration.
- Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming).
- Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times.
- Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.
- Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes.
- 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting.
- 3+ years team lead experience.
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.
- Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred.
Benefits:
- Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
- Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
- Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
- Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
- Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
- Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
- Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
- 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
- Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
- Holidays: Enjoy 11 paid holidays throughout the year.
Similar Jobs
Senior Security Operations Analyst
Security Operations Analyst monitoring and investigating security threats across enterprise systems. Collaborating with teams on incident response and threat intelligence activities.
Intermediate SecOps Engineer
Intermediate SecOps Engineer at the Eclipse Foundation managing security operations. Focused on threat detection, incident response, and operational resilience across infrastructure.
Staff Security Operations Engineer
Staff Security Operations Engineer enhancing security practices at Apollo. Collaborating with engineering teams to conduct threat modeling and drive secure software development.
SecOps Consultant
Google SecOps Consultant responsible for developing and managing Google SecOps environments. Collaborating with clients and managing services to ensure alignment with business processes.
Associate Cyber Security Operations Analyst
Join S&C Electric as an Associate Cyber Security Operations Analyst. Support cybersecurity initiatives by collaborating with technical teams and developing compliance strategies.
Senior Security Operations Analyst
Security Operations Analyst responsible for monitoring security threats and incident response for Newfold Digital. Collaborating with teams to strengthen security operations and reporting structures.
SOC Analyst
SOC Analyst monitoring client security events and responding to incidents while collaborating in a 24x7 SOC team. Seeking candidates with cybersecurity experience and a passion for information security.
Security Operations Engineer
Security Operations Engineer designing and implementing SecOps tools for a large energy sector project. Role involves developing detection capabilities and supporting incident response activities.
Security Operations Administrator
Security Operations Administrator managing security alerts and incident response for client's operations. Requires hands-on experience with various security platforms and independent operational management.
Security Operations Engineer
Security Operations Engineer monitoring security alerts and working with senior engineers to protect data. Investigating suspicious activities and refining defensive posture within a cybersecurity team.
Senior Security Operations Engineer
Senior Security Operations Engineer joining CentralReach to design secure architectures with AI-driven enhancements. Focused on cloud security and automated security capabilities across the organization.
Security Operations Center Analyst
Security Operations Center Analyst role with RapDev, a leading Datadog partner. Involves security monitoring, incident response, and working with cloud security solutions.
SOC Analyst – Contract
SOC Analyst at Sunshine Enterprise enhancing security monitoring and incident response capabilities. Focused on threat detection and investigating security events in a centralized operations environment.
IT Security Operations Center Specialist
IT Security Operations Center Analyst monitoring and responding to security alerts for Lincoln Financial. Ensuring the security of the network perimeter and analyzing traffic for threats.
Security Incident Response Specialist, Fluent Ukrainian
Security Incident Response Specialist at SupportYourApp, handling incidents and coordinating responses globally in a fully remote role.
Cyber Defender, SOC Analyst
Cyber Defender responding to threats and improving detection capabilities for an AI security company. Collaborating across functions to strengthen overall security posture in a fast-paced environment.
Analyst, Security Operations Center
Analyst in SEC managing event intake and incident response at Brightspeed. Focus on cyber security monitoring and incident management.
IT and Security Operations Analyst
Join UpGuard IT and Security Operations team handling core IT tasks and improving systems. Engage with a global workforce to support a thriving cybersecurity environment.
Senior Director Analyst – Security Operations, Threat Detection, Response and Automation
Security Operations Analyst focused on security operations research and client engagement. Supporting Gartner clients with expertise in threat detection, incident response, and automation.
Security Operations Engineer
Security Operations Engineer role at FICO focusing on cyber protection and automation development. Involved in incident response and security operations for a leading analytics company.