Cyber Incident Response Lead

79% Flex
EXTRA HOLIDAYS - EXTRA PARENTAL LEAVE
Remote: Full Remote
Salary: 81 - 201K yearly
Experience: Senior (5-10 years)

Offer summary

Qualifications:

Bachelor's degree in technical field, 5 years experience in info security, 4 years in incident response.

Key responsibilities:

  • Lead investigation of suspected incidents
  • Conduct root cause analysis and documentation

Job description

Your missions

The Cyber Incident Response (IR) Lead at Stride is a crucial member of the cybersecurity team, responsible for overseeing the monitoring, detection, and response to cybersecurity incidents. This role involves leading IR activities across the organization and working closely with incident response managers, cybersecurity team members, and executive leadership.

ESSENTIAL FUNCTIONS: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

  • Incident Response Leadership: Lead and oversee the investigation of suspected and confirmed incidents, coordinating with a team of responders, the incident response manager, and cybersecurity leadership.
  • Incident Handling: Respond to and investigate cybersecurity incidents, which may include off-hours and scheduled rotations. Serve as a point of contact for suspected and confirmed incidents.
  • Information Collection and Analysis: Collect and analyze information from multiple event sources, both internal and external, to validate and prioritize incidents.
  • Incident Monitoring: Monitor for incidents across endpoints, databases, applications, networking, mobile, and cloud services.
  • Incident Examination: Examine incidents related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third-party risks, and data leakage.
  • Root Cause Analysis: Conduct root cause analysis, document findings, and recommend and implement remediation actions.
  • Plan and Playbook Development: Develop, implement, and maintain incident response plans and playbooks to standardize and improve response procedures.
  • Collaboration: Liaise with security operations to improve monitoring and response workflows. Collaborate with infrastructure, IT, vulnerability, threat intelligence, and application security teams.
  • Performance Improvement: Work with the team to improve mean time to respond, key performance indicators, and service-level objectives.
  • Technical Expertise: Utilize advanced technical skills to perform digital forensics, analyze incidents, and extract Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
  • Threat Hunting: Conduct proactive threat hunting based on anomalies and possible true positive incidents.
  • Training and Exercises: Regularly participate in IR tabletop exercises to identify gaps, improve skills, enhance communication, and engage with key stakeholders.
  • Trend Reporting: Perform incident analysis and trend reporting for host, network, identity, and third-party events.
  • Documentation and Communication: Document and communicate incident details from initial investigation through closure and post-mortem. Maintain chain of custody and ensure evidence integrity.
  • Continuous Improvement: Refine and maintain playbooks, policies, procedures, and guidelines to ensure they align with industry best practices. Identify strengths and weaknesses in the program to enhance team skills and knowledge.
  • Emerging Threats: Stay current with emerging threats and share knowledge with colleagues to improve incident response capabilities.
  • Metrics and Reporting: Develop, generate, and report incident response metrics and KPIs.

Supervisory Responsibilities: This position is expected to lead and coordinate cross-functional teams in a non-supervisory capacity while guiding incident response efforts.

MINIMUM REQUIRED QUALIFICATIONS 

  • Bachelor’s degree in management, science, engineering, computers, or a technical field AND
  • Five (5) years of experience in information security AND
  • Four (4) years of experience in incident & threat detection and response OR
  • Equivalent combination of education and experience

Certificates and Licenses: None required.

OTHER REQUIRED QUALIFICATIONS: 

  • Experienced with relevant SIEM supporting & integrating technologies such as JSON, APIs, etc. used in security incident detection and response
  • Highly technical and analytical expertise, with a proven deep background in technology design, implementation, and delivery.  
  • Demonstrable and hands-on experience with AWS and Azure event logging technologies.
  • Experience with TCP/IP, Unix & Windows operating systems, and Oracle and SQL databases.
  • General frequent use and application of cyber technical standards, principles, theories, concepts, and techniques.
  • Prior experience with SIEM technologies.
  • Strong knowledge in the following areas:
    • On-prem and cloud SIEM systems
    • AWS WAF & GuardDuty
    • Microsoft Azure AD & O365
    • Web Application Firewalls
    • Linux servers
    • Windows servers
    • Endpoint Detection & Response systems
    • Email security systems
    • Vulnerability management systems
    • Cloud security principals
    • Digital forensics tools 
  • Clear written and verbal communication skills.
  • Ability to work independently and without direct supervision.
  • Outstanding time management and organization skills.
  • Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
  • Ability to travel up to 10%.
  • Ability to clear required background check.

Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • This position is remote and open to residents of the 50 states, D.C.

Compensation & Benefits: Stride, Inc. considers a person’s education, experience, and qualifications, as well as the position’s work location, expected quality and quantity of work, required travel (if any), external market and internal value when determining a new employee’s salary level.  Salaries will differ based on these factors, the position’s level and expected contribution, and the employee’s benefits elections.  Offers will typically be in the bottom half of the range.

  • We anticipate the salary range to be $81,045.74 - $201,088.80. The upper end of this range is not likely to be offered, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.  All employment is “at-will” as governed by the law of the state where the employee works.  It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer. 

Job Type

Regular

Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: E-learning
Spoken language(s): English

Soft Skills

  • Strong Communication
  • Collaborative
  • Analytical Thinking
  • Leadership
