Cyber Security Incident Response Team Lead

Lamoreaux Search


Our global marketing communications client has a rich 100+ year history of excellence in service and growth predominantly through acquisition. Their portfolio of companies reaches over 1,500 agencies in more than 100 countries connected by a parent company dedicated to leveraging their collective and individual offerings.

Our client is seeking a Cyber Security Incident Response Team Lead (CSIRT) who will act as a regional incident coordinator during events that require orchestrated responses between business units, executive stakeholders, legal teams, and clients worldwide. This role requires excellent written and verbal communication skills and the ability to train and mentor others. It also focuses on creating, modifying, and maintaining documented standards that support the repeatable and automatable processes required to maintain compliance with ISO 27001, GDPR, and US FedRAMP. The ability to write code and/or scripts that automate common processes is essential. Working knowledge of cloud security in hybrid cloud environments is required.

Key Focus Areas:

· This position is responsible for the execution of the Incident Response program for the client. It reports to the Global Director, CSIRT and Threat Intelligence.

· Design, develop, and oversee the execution of formal process lifecycles that produce consistent responses covering up to 80 percent of common incidents.

· Build, lead, and mentor junior CSIRT analysts responsible for the detection, containment, eradication, recovery, and lessons learned associated with high profile incidents.

· Ability to work under pressure with senior executives, clients, and teams responsible for adhering to regulatory obligations during major incidents.

· Serve as liaison between Internal Audit, Legal, and business units to ensure applicable incidents are investigated and resolved within corporate governance guidelines.

· Develop and maintain expertise in trends around cyber security, cyber threats and their tactics, and relevant security technologies.

· Provide monthly, quarterly, bi-annual, and annual metrics to track, validate, and provide continuous improvement to the Incident Response program.

· Lead the development of Security Orchestration, Automation and Response (SOAR) playbooks and act as the automation SME who translates manual processes into automated workflows.

· Lead the development of cloud-focused incident response processes across various cloud platforms.

· Assist in the development and maintenance of the Incident Response framework, including the design and implementation of standards, procedures, and knowledge base articles.

· Develop and maintain the security and control framework to ensure compliance with stated metrics and documented controls.

· Proven track record leading third party vendors and contract resources in a global environment.

· Knowledge of techniques used to secure cloud environments through zero trust principles and API-based intelligence collection.

· Promote an ongoing culture of continuous learning and incident management through documented procedures and the application of critical thinking to the principles of the MITRE framework and equivalent best practice standards.


· Bachelor’s degree required, preferably in computer science, information systems, engineering, business administration, or related field.

· Authorized to work in the U.S. (or other depending on role location).

· Minimum of 4-6 years of experience required.

· Past Media and Entertainment industry experience a plus.

· Certified in one or more of the following: CISSP, CISM, CISA, CEH, SANS GIAC security certifications, CompTIA security certifications, ITIL.

· Subject matter expertise in Incident Response and Cyber Security required.

· Willingness to travel up to 25 percent.

· Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.

· Working knowledge and experience in the MITRE ATT&CK framework.

· Ability to work nights, weekends, and holidays during major incidents.


· Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

· Excellent problem-solving and analytical skills. The individual must be a team player and a strategic and analytical thinker, able to think "big picture" while also focusing on trends and data in the context of industry themes, and able to multitask across projects.

· Ability to build out a security strategy aligned with business objectives that continually improves and enhances cybersecurity within the organization.

· Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

· Possess a strong technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience.

· Experience with endpoint and network analysis and with interpreting artifacts to identify threat behavior and intent.

· Experience with handling evidence using forensically sound methodologies for legal preservation.

· Exposure to cloud architecture concepts such as service principals, serverless functions, and key vaults to enable informed cloud incident response.

· Exposure to Microsoft Active Directory concepts such as domains, group policy objects, and permissions to enable informed on-premises incident response.

· Experience conducting threat hunts and searches in a SIEM technology, articulating a threat story, and crafting a SIEM query to detect the presence of that activity.

· Ability to code and/or script in Python 3, JavaScript, PowerShell, .Net, or equivalent integration languages.

· Ability to translate orchestration design documents into SOAR playbooks leveraging preconfigured integrations or developing new integrations with well-defined, documented APIs.

· Ability to understand malicious scripts written in various languages such as VBA, PowerShell, Python, JavaScript, and others.

· Understanding of the threat techniques used to exploit a system, elevate privileges, and conduct lateral movement, to enable informed Incident Response. Experience with penetration testing frameworks such as Cobalt Strike, or participation in Capture The Flag exercises, is a plus.

· Possess the ability to rapidly assimilate business strategies, coupled with the insight to seize high impact opportunities by applying creative problem-solving solutions.

· Track record of managing across multiple global locations, with a solid understanding of the challenges and benefits.
