Remote Incident Response Manager

Data Analysis Incorporated (DAI) is the controlling entity of the O'Neil family of businesses. DAI and its subsidiaries operate in diverse industries worldwide, including global equity markets, health care, financial services, digital news, and insurance. Our global footprint allows our teams to be responsive to customer needs in a timely and efficient manner. We are dedicated to using technology and innovation to bring change and growth to our businesses. We believe in a dynamic workplace, creating engaging, informative products and services that help our customers succeed. Integrity is an essential characteristic for our firms and our associates; if this describes you, please apply 

The Incident Response Manager leads and directly participates in the investigation and response to cybersecurity incidents across the organization. This role serves as the designated Incident Commander for security events, owning technical decision making from detection through containment, remediation, and recovery. In addition to providing functional leadership to the incident response team, the manager coordinates cross-functional stakeholders, drives clear and consistent response execution, and leads post-incident analysis to improve readiness and effectiveness. The role emphasizes hands-on technical leadership, real-time incident command, and continuous improvement to reduce risk and protect enterprise assets.

• Acts as the designated Incident Commander during high severity cybersecurity incidents, with authority to direct response actions and coordinate cross-functional teams.
• Lead incident response activities directly while providing functional leadership and guidance to incident responders. Oversee the execution of incident response playbooks, driving consistency in root cause analysis and post-incident reporting.
• Coordinate with IT, IAM, Legal, Privacy, and Business stakeholders during active incident management and escalation.
• Ensure incident response actions are effective, timely, and defensible, with appropriate alignment to policy and regulatory expectations.Continuously assess incident trends and integrate lessons learned into improved processes, detection logic, and tooling.
• Provide subject matter expertise in the implementation and tuning of detection and response capabilities (e.g., Microsoft Defender XDR, Sentinel, Entra ID, Purview).
• Collaborate with Security Operations and Detection Engineering to develop and optimize incident response readiness and metrics.
• Maintain up-to-date knowledge of attacker techniques (e.g., MITRE ATT&CK) and advise on evolving threat response strategies.
• Present incident summaries and remediation plans to executive and technical leadership as appropriate.
• Contribute to the development of staff through coaching, mentoring, and performance feedback.

Required Education, Experience, Certification/Licensure

• Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience in a related technical field.
• Minimum of 7 years of experience in cybersecurity, including 3+ years in hands-on incident response roles.
• Demonstrated experience serving as a technical lead or incident commander during security incidents; formal people management experience is preferred but not required.
• Proven experience leading and responding to security incidents across multiple domains including endpoint, identity, cloud, and SaaS environments.
• Strong proficiency with enterprise security tooling such as Microsoft Defender XDR, Sentinel, and identity protection platforms.

Preferred Education, Experience, Certification/Licensure

• Industry-recognized certifications (e.g., GCIH, GCFA, GCIA, CISSP).
• Experience within a regulated enterprise or consulting environment.

KNOWLEDGE, SKILLS AND ABILITIES (KSAs)

• Deep understanding of cybersecurity threat landscapes, attack vectors, and IR methodologies.
• Strong leadership, communication, and team-building skills.
• Ability to prioritize and drive response under pressure while maintaining situational awareness.
• Experience managing cross-functional incident coordination and executive communications.
• Aptitude for analyzing complex problems and implementing practical, scalable solutions.
• Strong documentation, process improvement, and technical writing skills.

Must be able to perform essential job duties.  Work is performed primarily in an office environment. Typically requires the ability to sit for extended periods of time (66%+ each workday), hear the telephone, and enter data on a computer and may also require the ability to lift up to 10 pounds. 

Data Analysis Inc is an equal opportunity employer. All aspects of employment, including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.