
Detection and Response Manager
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Oversee daily Detection and Response operations, ensuring prompt detection, triage, investigation, and response to security incidents.
• Maintain 24/7 incident response readiness by managing the on-call rotation, which includes scheduling, escalation protocols, and service-level expectations.
• Act as the primary owner for the execution of incident response, encompassing initial containment, escalation, incident declaration, and forensic coordination.
• Serve as the main technical lead and point of contact during critical incidents, working closely with Infrastructure, Engineering, Legal, and Executive leadership.
• Supervise the development, tuning, and ongoing enhancement of SIEM detections, alerting mechanisms, and correlation rules.
• Promote the integration of internal and external Threat Intelligence to improve visibility and detection capabilities.
• Generate operational metrics and performance reports that focus on detection coverage, MTTD/MTTR, case handling quality, and tool effectiveness.
• Assess and implement new technologies, integrations, and automation opportunities to decrease manual workloads and improve response capabilities.
• Own and update incident response playbooks, SOPs, escalation pathways, and response frameworks.
• Ensure that regulatory, contractual, and internal stakeholder notifications are properly initiated and documented as necessary.
• Manage post-incident activities, including after-action assessments, corrective measures, and quantifiable improvements.
• Lead readiness initiatives such as tabletop exercises, red/blue/purple team exercises, and simulation-based training.
• Ensure that the incident response strategy aligns with the organization's risk appetite, audit requirements, and industry best practices.
• Direct and mentor analysts in investigations, incident management, and operational processes.
• Make staffing decisions, conduct performance evaluations, and oversee the onboarding and professional development of analysts.
• Identify operational deficiencies and suggest technical or procedural enhancements to advance the detection and response program.
• Advocate for a culture of continuous improvement, documentation discipline, and analytical excellence.
• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline (or equivalent experience).
• Relevant certifications such as CCSP, CISSP, GCIA, GCIH, GCFA, CySA+, or equivalent.
• Over 5 years of experience in leading security operations, incident response, digital forensics, or security engineering.
• Proven ability to manage incident response efforts from detection through containment, eradication, recovery, and post-incident analysis.
• Experience in conducting root cause analysis, log examination, and threat investigation.
• Familiarity with compliance frameworks such as PCI DSS, SOC 2, HIPAA, and FedRAMP.
• Strong grasp of cybersecurity principles, including networking, operating systems, endpoint security, cloud security, and identity access management.
• Practical experience with SIEM platforms (e.g., Elastic, Splunk), EDR tools, IDS/IPS, and various monitoring technologies.
• Expertise in incident handling methodologies and frameworks such as NIST 800-61, ISO 27035, and MITRE ATT&CK.
• Skilled in using incident management tools and ticketing systems (e.g., Jira, ServiceNow).
• Exceptional ability to communicate technical details clearly and effectively to both technical and non-technical audiences.
• Strong communication and interpersonal skills, with a capacity to manage high-pressure situations.
• Excellent organizational skills, capable of prioritizing and managing multiple concurrent incidents and tasks.
• Outstanding problem-solving, analytical, and decision-making abilities.
• Medical/prescription drug coverage (with a Health Savings Account feature)
• Dental and vision options
• Employee and spouse/child life insurance
• Short and long-term disability protection
• 401(k) with PNC match
• Pension and stock purchase plans
• Dependent care reimbursement account
• Back-up child/elder care
• Adoption, surrogacy, and doula reimbursement
• Educational assistance, including select programs fully funded
• A comprehensive wellness program with financial incentives
• Maternity and/or parental leave
• Up to 11 paid holidays each year
• 9 occasional absence days each year, unless otherwise mandated by law
• Between 15 to 25 vacation days each year, based on career level and years of service