We are seeking an experienced Incident Response leader to own and lead the companys response to large-scale, high-impact cyber incidents. This role is responsible not only for technical response, but for cross-company crisis coordination, executive decision support, and ensuring fast, controlled mitigation across engineering, product, legal, communications, and leadership teams.
This is a leadership role for someone who has personally led complex incidents under pressure - including situations involving material business risk, customer impact, regulatory exposure, and executive visibility.
Key Responsibilities:
Incident Leadership & Crisis Management
Serve as the Incident Commander for high-severity cyber incidents, including breaches, supply-chain attacks, insider threats, and platform-wide security events.
Lead company-wide incident response efforts, coordinating technical, operational, legal, communications, and executive stakeholders.
Stand up and orchestrate crisis management teams during major incidents, ensuring clear ownership, decision-making, and execution under pressure.
Drive rapid containment, eradication, and recovery while balancing business continuity, customer impact, and regulatory obligations.
Act as the primary point of contact to executive leadership during incidents, providing clear, concise, timely, and actionable updates.
Cross-Department Coordination
Orchestrate response activities across Security, Infrastructure / Cloud Operations, Product & Application Security
Ensure alignment between technical response actions and business, legal, and regulatory considerations.
Manage external parties when needed
Preparedness & Operational Excellence
Own and continuously improve the incident response framework, including severity definitions, escalation paths, and decision authority.
Design and run executive-level incident simulations and tabletop exercises, including cross-functional and leadership participation.
Ensure high-quality post-incident reviews that result in measurable improvements to controls, detection, and response readiness.
Define and track incident response metrics (MTTD, MTTR, blast radius, decision latency).
Track and follow-up on lessons learned and enhancements to ensure implementation and continuous improvement.
דרישות:
10+ years in cybersecurity, with significant incident response management experience.
Proven experience leading large-scale, cross-company cyber incidents, including incidents involving:
Multiple engineering and operational teams
Executive leadership and board-level visibility
Demonstrated experience acting as Incident Commander or equivalent role during major security events for at least 15 incidents in the past 5 years.
Strong understanding of:
Cloud and SaaS architectures
Identity, access control, and infrastructure security
Detection and response technologies (SIEM, EDR, cloud-native tools)
Offensive background
Ability to translate technical facts into business impact and risk-based decisions.
Critical Skills & Attributes
Crisis leadership: Calm, decisive, and structured under extreme pressure.
Authority without ego: Able to lead across departments without formal reporting lines.
Executive communication: Clear, concise, and credible with senior leadership.
Systems thinker: Understands how technical, human, and process failures compound during incidents.
Bias for action: Moves quickly while maintaining discipline and documentation.
Analytical thinking: Attention to details and ability to connect multiple dots into a concise and accurate picture.
Previous experience at Mandiant, Sygnia, CrowdStrike, Unit 42, or similar elite IR teams
Experience in crypto, fintech, custody, payments, or highly regulated environments
Hands-on background in forensics, threat hunting, or security engineering
Nice to Have
Experience in crypto, fintech, cloud infrastructure, or highly regulated environments
Experience supporting regulatory notifications המשרה מיועדת לנשים ולגברים כאחד.