Basic Function:
The Incident Response Manager at Lumin Digital leads the organization’s response to cybersecurity threats impacting both corporate systems and hosted digital banking platforms serving millions of consumers globally. This role is responsible for directing all phases of the incident response lifecycle, including preparation, identification, containment, eradication, recovery, and post-incident review.
As the operational lead for security incidents, the Incident Response Manager provides decisive leadership during high-impact events, ensuring timely detection, effective containment, clear stakeholder communication, and measurable remediation outcomes. This position partners closely with SOC analysts, engineering teams, business leaders, and client stakeholders to strengthen response capabilities, enhance detection strategies, and continuously improve organizational resilience against evolving threats.
Essential Functions and Responsibilities:
Monitor emerging industry threats, observed trends, and industry best-practice guidelines to identify gaps, then plan, design, and enhance security controls in collaboration with other risk engineering teams.
Develop comprehensive, fact-based reports on SOC metrics (such as MTTD, MTTR, and coverage) and trends, and present them to internal leadership and client security teams on a regular basis.
Produce and deliver job-specific education and training to SOC team members on emerging threats and technologies using structured approaches to threat and risk management.
Review the technical methods and output of the SOC team to ascertain the quality and fit of solutions, and provide constructive and detailed feedback to improve team members’ ability to perform their duties.
Lead formalized security incident response procedures as part of a team, including all phases of the incident handling lifecycle, from preparation through lessons learned.
Collect evidence of SOC activities to satisfy client due diligence requests as well as support internal and external audit activities.
Perform other duties as assigned.
Physical Demands:
While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel; and talk or hear.
Specific vision abilities required by this job include close vision. Ability to occasionally lift/move up to 25 pounds.
Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.
Supervisory Responsibility:
Set clear expectations, offer direction, and ensure alignment with organizational goals while fostering a supportive environment that encourages collaboration, accountability, and growth.
Coach, mentor, and provide training opportunities to build team members’ skills, promote internal growth, and prepare staff for future roles and responsibilities.
Manage hiring, onboarding, performance evaluations, promotions, compensation, and terminations, ensuring fair and consistent application of policies and procedures.
Assess team performance regularly, address gaps, and ensure duties are completed efficiently and effectively in alignment with department and organizational objectives.
Position Specifications:
Education:
Bachelor's degree in Information Assurance, Information Security, Cybersecurity, or related field is required; or equivalent combination of education and experience in cybersecurity with demonstrated command of key SOC concepts and technologies and proficiencies in threat modeling, detective and preventative controls, digital forensics, incident response, OSINT, network penetration testing, and other relevant technical security risk management domains.
Certifications relevant to security operations or management of SOC teams, such as the GCIH, CISSP, GCIA, GSOM, or CISM, are preferred.
Experience:
Minimum 5 years of hands-on technical experience directly working with detective security controls, including layer 3, 4, and 7 firewalls, log aggregation, endpoint detection and response, and public cloud security posture management, is required.
Minimum 3 years leading or driving incident response efforts within a SOC or equivalent function.
Minimum 2 years of experience in a formal management role within security operations, incident response, or a related cybersecurity function.
Experience serving in an incident command or incident coordination capacity during high-severity events.
Experience managing or administering enterprise EDR and SIEM platforms, including detection tuning, alert triage, investigation, and response.
Experience integrating and operationalizing threat intelligence feeds to enhance detection and response capabilities.
Experience operating in large-scale AWS environments.
Proficiency with Linux, Kubernetes, Git, and scripting languages.
Demonstrated experience analyzing and synthesizing security operations data to identify trends and communicate risk posture to leadership.
Experience in financial services or fintech environments preferred.
Knowledge, Skills, & Abilities:
Incident Leadership & Professional Attributes
Demonstrated ability to lead with confidence and composure under pressure and uncertainty.
Calm, decisive demeanor with appropriate sense of urgency during security events.
Strong teamwork and cross-functional collaboration skills.
Strong client orientation with a professional presence that builds trust and credibility internally and externally.
Ability to prioritize tasks, exercise sound judgment, and maintain strict confidentiality.
Ability to work effectively in a remote environment while sustaining high performance and team accountability.
Communication & Reporting
Strong written and verbal communication skills, including the ability to develop clear, data-driven reports and presentations using tools such as Google Docs and Slides.
Strong presentation delivery skills with the ability to confidently speak to underlying data, trends, and risk insights for both technical and executive audiences.
Ability to translate complex technical findings into actionable insights for business stakeholders and clients.
Data Analysis & Metrics
Excellent data analysis skills, including use of tools such as Excel and OpenSearch to customize reporting and measure key security metrics (e.g., detection effectiveness, response performance).
Ability to interpret trends in threats, vulnerabilities, and operational posture to inform strategic improvements.
Security Architecture & Risk Concepts
Working knowledge of network security concepts, including TLS inspection, connection fingerprinting, and intrusion detection techniques.
Working knowledge of cloud security principles, including the AWS shared responsibility model and AWS services such as GuardDuty, IAM Access Analyzer, Inspector, Macie, and Security Hub.
Working knowledge of application security concepts, including OWASP Top 10 and Common Weakness Enumeration (CWE), particularly as they relate to detecting anomalous HTTPS and WebSocket activity.
Working knowledge of vulnerability prioritization methodologies, including CVSS and EPSS.
Understanding of detection engineering principles and best practices to effectively advocate for SOC monitoring and telemetry requirements.
Security Operations Platforms & Tooling
Endpoint Detection & Response (EDR): Knowledge of EDR platforms with the ability to deploy, tune, and manage endpoint telemetry and detections; investigate alerts; and lead containment and remediation of endpoint-based incidents.
Security Information & Event Management (SIEM): Knowledge of SIEM architecture and log correlation with the ability to develop and optimize detection use cases and dashboards; analyze and correlate events to detect and respond to security threats.
Threat Intelligence Platforms: Knowledge of the threat intelligence lifecycle and supporting platforms with the ability to integrate and operationalize intelligence feeds and translate intelligence into actionable detection and prevention strategies.
Travel:
Minimal; generally 12 days or less per year.
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law.