Responsibilities:

• Own the end-to-end D&R incident management program: detection workflows, response processes, escalation paths, communication standards, and remediation tracking.
• Serve as incident commander for security incidents, driving clear coordination across executive, engineering, security, legal, and other appropriate stakeholders.
• Establish and run incident commander rotations within D&R, ensuring clear ownership and effective coordination during incidents of varying severity.
• Drive post-incident accountability by defining how action items are captured, assigned, tracked, and completed across teams,ensuring follow-through on both tactical fixes and strategic improvements.
• Gather, analyse, and report on incident trends and patterns to surface systemic risks, recurring root causes, and areas where the organisation is most vulnerable.
• Translate trend analysis into actionable cross-functional initiatives: partner with engineering, infrastructure, security, and product teams to prioritise and implement broad fixes and preventive improvements that address root causes rather than symptoms.
• Lead incident review forums (post-mortems, retrospectives) and ensure learnings are captured, socialised, and acted upon across the organisation.
• Develop and maintain D&R incident response documentation, playbooks, runbooks, and training materials; keep them current as the threat landscape and our systems evolve.
• Partner with detection engineering to improve alert fidelity, reduce noise, and shorten time-to-detection for security events.
• Define, develop, and track incident management KPIs and report regularly to D&R and Security leadership.
• Support broad cross-functional training and initiatives to uplevel security awareness across the company (e.g. Tabletop exercises, training, talks).

You may be a good fit if you:

• Have 7+ years of experience in technical program management, incident management, or security operations, with significant time spent in a detection & response or security incident response context.
• Have led or built incident response programs at a technology company, ideally in a high-growth or security-intensive environment.
• Have a demonstrated track record of turning incident data into organisational improvements,not just writing post-mortems, but driving the cross-functional work to implement systemic fixes.
• Are comfortable participating in on-call responsibilities and leading incident response during high-severity security events, including off-hours.
• Have experience building and scaling operational processes from the ground up in environments where structure didn’t previously exist.
• Excel at driving accountability and follow-through across multiple teams without direct authority,you know how to influence, track, and close the loop.
• Have strong analytical skills and experience with incident trend analysis, metrics reporting, and data-driven prioritisation.
• Are highly organised with a knack for bringing structure to ambiguous, fast-moving situations.
• Have excellent communication skills, especially under pressure and when coordinating across technical and non-technical stakeholders, including executive leadership.
• Thrive in fast-paced environments where priorities shift and you’re often working with incomplete information.

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

You'll be the driving force behind maturing and scaling our incident response lifecycle,from detection and triage through containment, remediation, and post-incident review. Critically, some of the highest-impact work in this role happens after the immediate response: gathering data on incident trends, reporting on patterns and root causes, and working cross-functionally across engineering, security, infrastructure, and product teams to ensure that broad fixes and systemic improvements are actually implemented.

Responsibilities:

• Own the end-to-end D&R incident management program: detection workflows, response processes, escalation paths, communication standards, and remediation tracking.
• Serve as incident commander for security incidents, driving clear coordination across executive, engineering, security, legal, and other appropriate stakeholders.
• Establish and run incident commander rotations within D&R, ensuring clear ownership and effective coordination during incidents of varying severity.
• Drive post-incident accountability by defining how action items are captured, assigned, tracked, and completed across teams,ensuring follow-through on both tactical fixes and strategic improvements.
• Gather, analyze, and report on incident trends and patterns to surface systemic risks, recurring root causes, and areas where the organization is most vulnerable.
• Translate trend analysis into actionable cross-functional initiatives: partner with engineering, infrastructure, security, and product teams to prioritize and implement broad fixes and preventive improvements that address root causes rather than symptoms.
• Lead incident review forums (post-mortems, retrospectives) and ensure learnings are captured, socialized, and acted upon across the organization.
• Develop and maintain D&R incident response documentation, playbooks, runbooks, and training materials; keep them current as the threat landscape and our systems evolve.
• Partner with detection engineering to improve alert fidelity, reduce noise, and shorten time-to-detection for security events.
• Define, develop, and track incident management KPIs and report regularly to D&R and Security leadership.
• Support broad cross-functional training and initiatives to uplevel security awareness across the company (e.g. Tabletop exercises, training, talks).

You may be a good fit if you:

• Have 7+ years of experience in technical program management, incident management, or security operations, with significant time spent in a detection & response or security incident response context.
• Have led or built incident response programs at a technology company, ideally in a high-growth or security-intensive environment.
• Have a demonstrated track record of turning incident data into organizational improvements,not just writing post-mortems, but driving the cross-functional work to implement systemic fixes.
• Are comfortable participating in on-call responsibilities and leading incident response during high-severity security events, including off-hours.
• Have experience building and scaling operational processes from the ground up in environments where structure didn’t previously exist.
• Excel at driving accountability and follow-through across multiple teams without direct authority,you know how to influence, track, and close the loop.
• Have strong analytical skills and experience with incident trend analysis, metrics reporting, and data-driven prioritization.
• Are highly organized with a knack for bringing structure to ambiguous, fast-moving situations.
• Have excellent communication skills, especially under pressure and when coordinating across technical and non-technical stakeholders, including executive leadership.
• Thrive in fast-paced environments where priorities shift and you’re often working with incomplete information.

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub