
Cyber Threat Detection & Response Team Lead
Posted Jun 25

This is a fully remote position, open to applicants in California.
• The Team Lead for Cyber Detection and Response will be instrumental in establishing and managing a premier Detection and Response Team (DART) for a key client of Control Risks.
• This role involves hands-on technical leadership and is responsible for building the team from scratch, formulating strategy, enhancing capabilities, and guiding a team of security experts to proactively identify, investigate, and respond to cyber threats within the client's environment.
• This position collaborates closely with the client's Security Engineering team to ensure that detection and response capabilities are well-integrated into the overall security framework.
• The Team Lead offers technical guidance and operational oversight on all matters related to detection and response, safeguarding the client’s systems, networks, data, and cloud environments.
• This role promotes a robust first-line ownership model by collaborating with technological and business stakeholders to incorporate security into planning, development, and operational processes.
• Work in close conjunction with client stakeholders and the Security Engineering team to construct, oversee, and expand a Cyber Detection and Response Team (DART) from inception.
• Define and execute the operational model for DART, which includes tiered escalation paths, on-call rotations, and coordination protocols with Security Engineering, IT, Legal, Risk, and other business stakeholders.
• Spearhead the creation of Standard Operating Procedures (SOPs) for detection and response activities, encompassing tooling integration, reporting lines, and protocols for out-of-hours incidents.
• Establish and continually refine incident response playbooks aligned with the MITRE ATT&CK framework and the specific threat landscape of the client.
• Act as Incident Commander for critical and high-severity cybersecurity incidents, orchestrating the technical response across forensics, network, endpoint, cloud, and identity workstreams.
• Take the lead in managing the most severe cybersecurity incidents, including supporting responders with reporting, executive updates, root cause analysis, and recommendations for remediation.
• Supervise the triage of cyber events, ensuring swift identification, investigation, containment, and remediation.
• Lead proactive threat hunting initiatives to uncover potential compromises, unrecognized adversary activities, and deficiencies in detection coverage.
• Incorporate threat intelligence into DART workflows and utilize intelligence to shape response and prevention strategies.
• Conduct regular check-ins, provide coaching and feedback, manage performance evaluations and improvement plans, and assist with career development for team members.
• Serve as the primary liaison between team members and the ECS program management team, ensuring timely updates on programs and personnel, and overseeing the quality of client deliverables.
• Collaborate with the Talent Acquisition team to participate in hiring processes, ensuring team staffing aligns with client expectations and program requirements.
• Lead onboarding activities (e.g., joiner tickets, scheduling, equipment, success plans), manage offboarding logistics and leaver tickets, and ensure operational continuity.
• Oversee team schedules, approve PTO, ensure compliance with timesheets, and maintain a consistently high-quality service for the client.
• Work closely with the ECS program management team to align on overall program strategy and priorities, creating clear and actionable team deliverables.
• Over 10 years of progressive experience in cybersecurity, with substantial expertise in incident response, detection engineering, SOC operations, or cyber defense.
• At least 3 years in a leadership position managing or building a detection and response, SOC, or incident response team.
• Extensive hands-on knowledge of incident response, digital forensics, malware analysis, and threat hunting techniques.
• Practical experience with detection and response technologies including SIEM (e.g., Splunk, Microsoft Sentinel), SOAR, EDR/XDR (e.g., CrowdStrike, SentinelOne), NDR, IDS/IPS, and log management platforms.
• Strong grasp of the MITRE ATT&CK framework, NIST Cybersecurity Framework (800-61, 800-53), and industry best practices for managing the incident response lifecycle.
• Demonstrated experience collaborating closely with Security Engineering teams to develop and fine-tune detection logic, automate response workflows, and strengthen security architecture.
• Capability to translate intricate technical exploit chains and risks into narratives that convey business impact for executive leadership (C-Suite, Board-level).
• Experience in creating operational processes, escalation frameworks, and playbooks from the ground up.
• Solid understanding of cloud security (AWS, Azure, GCP) and contemporary enterprise environments, including identity platforms, zero trust architecture, and containerized workloads.
• Familiarity with threat intelligence platforms (e.g., Recorded Future, OpenCTI, MISP) and the integration of CTI into detection and response workflows.
• Knowledge of legal and regulatory frameworks governing SOC and incident response activities across various jurisdictions.
• Relevant certifications: CISSP, CISM, GIAC (GCIH, GCFA, GCIA, GSOM), or equivalent.
• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401(k) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunity employer, we encourage qualified applicants from diverse backgrounds to apply and join our team, fully committed to fair treatment, free from discrimination, for all candidates throughout our recruitment process.
• Control Risks is dedicated to fostering a diverse environment and proudly stands as an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. If you need any reasonable adjustments to fully participate in the interview process, please inform us, and we will gladly accommodate your needs.