Manager, Cybersecurity Incident And Breach Response



Washington, DC

Information Technology

Our client is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. They are in a growth stage and looking to expand their Information/Cybersecurity Teams. Currently seeking a Manager, Cybersecurity Incident and Breach Response.


*** Position is located in Washington, DC and requires onsite work 3 days a week ***

Job Description:

  • In support of the Business Continuity Management program, implement and manage the monitoring and incident handling program, including the technologies, processes, training and documentation needed to ensure the organization can effectively detect and respond to security incidents
  • Liaise with the Security Operations and Engineering team to assure continuous 24x7x365 monitoring, establishing the response to security events, the investigation of correlated security event feeds, and the appropriate triage and escalation in case of an identified security incident or data breach
  • Mature and manage domain- and email-based threat intelligence and threat analytic functions in order to provide threat intelligence for effective security operations and security incident response, focusing on events that are likely to lead to a compromise
  • Oversee the Incident Response (IR) program, including documentation, awareness, exercises, and response through all phases of an incident, including post-incident documentation and coordination
  • Support operational IR or data breach response coordination in the event of an actual incident
  • Act as liaison and point of entry with Information Technology (IT) when coordinating either security IR or operational disruption IR activities
  • Experience managing security operations for IT infrastructure (vulnerability management program, advanced incident response, cyber forensic investigation, endpoint security, EDR tooling, and exercise development and execution)
  • Significant expertise in cybersecurity incident response and experience in one or more areas of cybersecurity: intrusion detection and mitigation, network defense, network traffic analysis or operating system security, forensics, incident response, cyber threat hunting, or malware analysis and reverse engineering
  • Knowledge of the general attack stages, including footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks
  • Familiarity with the various malware categories, their characteristics, and network-based indicators of compromise
  • Familiarity with networking vulnerabilities and exploit methods such as DDoS, XSS attacks and SQL injection, and how to recognize attacks in progress
  • Enterprise-level experience performing incident triage, analysis, response, and remediation for computer network intrusions, web application and server attacks, insider threats, and malware infections


Job Requirements:

  • 10+ years of experience in cybersecurity or information technology (preferred)
  • 10+ years' experience in an incident response capacity (SOC/NOC/watch floor, incident response, threat hunting team, forensic team, etc.) (preferred)
  • BS degree in Computer Science or a related field (required)
  • Thorough understanding of the latest security principles, techniques, and protocols
  • Experience maintaining metrics and SLAs
  • Detailed technical knowledge of network, database, and/or operating system security
  • Knowledge of NIST 800-62 and other industry regulatory standards as they pertain to reporting incidents
  • Hands-on experience with security systems, including vulnerability management, identity and access management, security risk assessments, application testing, etc.
  • Experience with network security, networking technologies, and network monitoring tools
  • Working knowledge of IT processes (e.g., ITIL), including incident, problem, defect, change and release management
  • Experience with secure architecture principles, secure SDLC, security system integration and configuration, and troubleshooting

Contact Details:

Please contact if interested