SOC Incident Response Manager - Senior Vice President at Citi

Irving, Texas, United States -

Full Time

Start Date

Immediate

Expiry Date

06 Apr, 26

Salary

0.0

Posted On

06 Jan, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Incident Response, Cybersecurity, Digital Forensics, Malware Analysis, Team Leadership, Mentorship, Strategic Thinking, Communication, Stakeholder Management, Problem-Solving, Networking Protocols, Scripting, Containerization, SQL, Automation, Data Analysis

Industry

Financial Services

Description

Lead, mentor, and manage a global team of 6-10 Security Operations Center Incident Responders, fostering a culture of excellence and continuous improvement. Oversee and direct incident response functions, ensuring adherence to established playbooks and best practices across diverse computing environments. Drive strategic initiatives to enhance incident detection, containment, and eradication capabilities. Lead and support in-depth triage and investigations of urgent cyber incidents. Manage team performance, conduct regular reviews, and facilitate career development for direct reports. Ensure the team effectively performs host-based analytical functions (e.g., digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix-based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs). Oversee the creation and tracking of metrics based on the MITRE ATT&CK Framework and other standard security-focused models, using these to drive continuous improvement. Lead collaboration with application and infrastructure stakeholders to identify key components and information sources such as various environments (on-premises versus other distributed systems), servers, workstations, middleware, applications, databases, logs, etc. Direct incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities. Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents. Direct the documentation and presentation of investigative findings for high-profile events and other incidents of interest to senior leadership. Lead and participate in readiness exercises such as purple team, table tops, etc. Develop and implement training programs for junior and mid-level colleagues on relevant best practices and advanced incident response techniques. Act as a key escalation point for critical incidents and provide expert guidance to the team. Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.). Working knowledge of virtualization products (e.g., VMware Workstation). Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. 10+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability. 5+ years hands-on working in cyber incident response and investigations, with at least 3 years in a leadership or management capacity, overseeing medium to large global teams, with exposure to various computing environments including cloud and traditional infrastructure. Proven experience in leading, mentoring, and developing technical teams. Demonstrated expertise or oversight in Dev/Sec/Ops practices within various computing environments. Deep understanding and experience with common services and platforms from a security and incident response perspective. Proven experience leading or directing forensic investigations or large-scale incident response efforts across diverse environments. Strong understanding and strategic leadership in containerization methods and tools (e.g., Docker, Kubernetes), including incident response and digital forensics considerations. Advanced certifications (e.g., GIAC, CISSP) in security or equivalent expertise. Demonstrated ability to lead teams in analyzing and pivoting through large data sets during incident investigations. Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge. Proficient in basic scripting and automation of tasks (e.g., C/C++, PowerShell, JavaScript, Python, bash, etc.). Leadership & Mentorship: Ability to inspire, motivate, and develop a high-performing global team. Strategic Thinking: Capacity to define and execute incident response strategy aligned with business objectives. Communication: Excellent verbal and written communication skills for presenting complex technical information to both technical and non-technical audiences, including senior management. Stakeholder Management: Proven ability to build and maintain strong relationships with internal and external stakeholders. Decision-Making: Sound judgment and decision-making skills under pressure during critical security incidents. Problem-Solving: Advanced analytical and problem-solving skills to guide the team through complex technical challenges. Adaptability: Ability to adapt to rapidly changing threat landscapes and evolving technologies. ------------------------------------------------------ For complementary skills, please see above and/or contact the recruiter. ------------------------------------------------------ Anticipated Posting Close Date: Jan 19, 2026 ------------------------------------------------------

Responsibilities

Lead and manage a global team of Security Operations Center Incident Responders, overseeing incident response functions and driving strategic initiatives. Collaborate with stakeholders to enhance incident detection and response capabilities while ensuring adherence to best practices.