Incident Response & Threat Intelligence Manager
Overview:
POSITION OVERVIEW
The Incident Response & Threat Intelligence (IR/TI) Manager leads a globally distributed cyber defense team responsible for threat intelligence, incident response, digital forensics, and threat hunting across a large, complex enterprise environment. This role ensures the organization can rapidly detect, respond to, investigate, and learn from cyber threats while enabling executive-level decision-making during high-impact incidents. The position partners closely with the SOC, Security Engineering, Privacy, Legal, Compliance, Technology, and Executive Leadership to reduce business risk and maintain cyber resilience at Fortune 500 scale.

LOCATION
Jacksonville, FL preferred or 100% remote if not local.
Global on-call responsibility for high-severity incidents.
Limited travel for incident support, leadership meetings, and readiness exercises if not local to Jacksonville, FL.

DUTIES & RESPONSIBILITIES

Global Team Leadership
Lead and continue to develop a geographically dispersed, follow-the-sun team across threat intelligence, digital forensics incident response, and threat hunting functions.
Maintain operating models, on-call rotations, escalation paths, and coverage aligned to global business needs.
Coach senior analysts, build succession plans, and drive consistent performance, engagement, and retention.

Incident Response
Own enterprise incident response strategy, playbooks, and readiness activities, aligned to NIST and industry best practices.
Serve as Incident Commander for high-severity cyber incidents; coordinate technical response, executive communications, and cross-functional decision-making.
Ensure effective containment, eradication, recovery, and post-incident remediation, including executive-level readouts and lessons learned.

Digital Forensics & Investigations
Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments.
Ensure defensible chain-of-custody processes and support legal, HR, privacy, and regulatory investigations as required.
Maintain enterprise DFIR standards, tooling, and investigative quality.

Threat Intelligence
Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization.
Translate intelligence into actionable outcomes, including detection engineering, threat hunting focus areas, and executive briefings.
Integrate internal telemetry with external intelligence sources and trusted sharing communities.

Threat Hunting & Detection Enablement
Drive hypothesis-based threat hunting aligned to adversary behaviors and business-critical risks.
Partner with SOC and Detection Engineering teams to improve detection coverage, fidelity, and response speed.
Sponsor purple team exercises to validate controls and surface gaps.

Technology & Automation
Own the roadmap and effectiveness of DFIR, TI, and threat hunting tooling (e.g. TIP and forensics platforms).
Increase automation and orchestration to accelerate investigation and response at enterprise scale.
Collaborate with security engineering teams to embed intelligence-led security improvements.

Governance, Risk, & Executive Reporting
Ensure alignment with regulatory, legal, and internal governance requirements globally.
Define, track, and report KPIs and KRIs (e.g., incident trends and threat hunting / intelligence reports) to executive and board-level audiences.
Translate technical risk into clear business impact and investment guidance.

MINIMUM REQUIREMENTS
8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises.
Proven experience managing globally distributed teams and leading major cyber incidents.
Strong hands-on understanding of DFIR, threat intelligence, and threat hunting processes.
Experience with a wide breadth of enterprise security tooling.
Experience working cross-functionally with Legal, Privacy, Compliance, and Executive Leadership.
Exceptional written and verbal communication skills, including executive-level briefings.

PREFERRED EXPERIENCE
Experience in a Fortune 500 or similarly complex, regulated environment.
Certifications such as GCIH, GCFA, GCED, CISSP, CISM, or equivalent.
Familiarity with MITRE ATT&CK, NIST 800-61, and/or SOC CMM Framework.