
Assistant Manager, Cybersecurity Incident Response

Cygnify · April 7, 2026
🌍 Remote · Worldwide · Full-time · Cybersecurity

💰 $130,000 – $190,000/yr

Job Description

About This Role

We are partnering with a leading technology-driven telecommunications organization that is scaling rapidly to support new digital initiatives and platforms. As part of this expansion, we are seeking an experienced Assistant Manager for Cybersecurity Incident Response to join a collaborative team managing large-scale systems and innovative security solutions. This is a unique opportunity to make a real impact on enterprise-level security operations while working with cutting-edge technologies in a remote environment.

Key Accountabilities

  • Incident Management: Lead end-to-end management of cybersecurity incidents, ensuring timely detection, triage, investigation, and resolution across the organization.
  • Performance Metrics: Achieve and maintain target MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) benchmarks to drive operational efficiency.
  • SIEM Platform Administration: Effectively administer and optimize the Elastic SIEM platform, including rule creation, tuning, and strategic integrations with enterprise tools.
  • Detection Development: Develop accurate and relevant detection use cases aligned with evolving threat patterns and organizational security needs.
  • Stakeholder Coordination: Ensure timely escalation and coordination with internal and external stakeholders during critical security incidents.
  • Incident Reporting: Provide transparent and comprehensive incident reporting to leadership, security teams, and relevant business units.
  • Operational Excellence: Drive continuous improvement through monitoring, alerting optimization, investigation protocols, and alert tuning refinement.
  • Cross-functional Collaboration: Partner with Data Engineering, Architecture, Security, Infrastructure, and Tooling teams to ensure aligned technical cybersecurity discussions and implementations.

Core Responsibilities

  • Monitor, triage, and investigate alerts from multiple log sources including network, endpoint, cloud, and application environments.
  • Create, refine, and manage SIEM detection rules to capture the latest attack patterns and emerging threats.
  • Conduct advanced log analysis and event correlation to identify potential intrusions, lateral movement, or malicious behavior.
  • Drive use case ideation and validation to improve threat detection coverage, accuracy, and relevance.
  • Manage and maintain Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) for operational reliability and efficiency.
  • Lead integration efforts with EDR solutions, firewalls, cloud platforms, and ticketing systems.
  • Collaborate with IT, Network, and Cloud teams for incident follow-up, containment strategies, and recovery operations.
  • Present detailed incident findings, root cause analyses, and remediation plans to key stakeholders and leadership.
  • Document and continuously enhance incident response playbooks and standard operating procedures (SOPs).
  • Conduct thorough post-incident reviews and implement lessons learned to strengthen overall security posture.

💰 Compensation not publicly listed. Market estimate for similar roles: from $130K, varying by experience and location.
