Optomi, in partnership with an enterprise organization is seeking a Cybersecurity Incident Response Lead to lead the coordination, execution, and continuous improvement of our security incident response program. This role is responsible for ensuring security incidents are identified, triaged, contained, communicated, and learned from effectively across a complex, multi-business-unit environment. This role is critical to reducing response time, limiting business impact, and improving organizational resilience against recurring threats such as social engineering, identity abuse, and cloud exposure.
Key Responsibilities
Incident Response Investigation & Leadership
- Serve as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents.
- Lead incident triage, severity assessment, and escalation to ensure the right stakeholders are engaged quickly.
- Investigate and analyze: examine data from active and historical cases to uncover attack vectors, root causes, and emerging threats. Lead investigations to drive actionable findings and inform response strategies.
- Coordinate containment, eradication, and recovery activities across Security Operations, IAM, SecEng, IT, and business units. Ensure after action reviews are conducted and follow-on plans are implemented.
- Maintain IR playbooks, escalation paths, and communication templates.
- Ensure incidents are handled consistently, efficiently, and in accordance with established response playbooks.
- Own incident communications, including:
- Situation updates during active incidents
- Clear post-incident summaries
- Executive briefings
- Translate technical findings into business impact, risk, and decision-oriented messaging.
- Contribute to recurring security reporting by incorporating incident trends, metrics, and lessons learned.
- Help mature the organization’s incident management framework, including:
- Incident severity models
- Roles and responsibilities
- On-call and escalation procedures
- Lead tabletop exercises and simulations focused on high-risk scenarios such as:
- Social engineering and identity abuse
- Data exposure involving public or regulated datasets
- Cloud misconfiguration and multi-tenant impact
Qualifications
Required
- 5-8 Years of Experience managing or coordinating the full lifecycle of security incidents in an enterprise environment.
- Proven ability to lead through influence across technical and non-technical teams.
- Excellent written and verbal communication skills and experience briefing senior leadership.
- Experience with security tooling to include but not limited to SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems.
- Strong understanding of security operations workflows, attack techniques, and mitigation strategies.
- Calm, structured decision-making under pressure.
- Experiencing building or maturing incident response programs in distributed, multi-org companies.
- Experience using automation to improve incident workflows, response consistency, and follow-through.
- Familiarity with regulatory or privacy considerations in media, healthcare, or regulated environments.
