Capital Group · 2 months ago
Cyber Security Incident Response Team Manager
Capital Group is a leading financial services company seeking a Cyber Security Incident Response Team Manager to lead their global team of analysts. This role involves managing incident response activities, enforcing policies, and serving as a point of escalation during critical cybersecurity events.
Financial Services
Responsibilities
Lead and mentor a globally distributed team of security analysts and engineers responsible for initial detection, triage, containment, and advanced investigation of security incidents
Serve as incident commander and escalation point for high-severity incidents, including ransomware, account compromise, phishing, and data leakage
Integrate AI/ML-driven threat detection and behavioral analytics into IR processes
Architect and automate incident response workflows using SOAR platforms and custom scripting (Python, PowerShell, Bash, etc.) to improve mean time to respond (MTTR)
Implement and enforce IR playbooks, policies, and best practices aligned with NIST and MITRE ATT&CK frameworks
Coordinate cross-functional response with IT, developers, legal, privacy, and business continuity teams
Analyze and prioritize complex incidents, ensuring adherence to SLAs and regulatory/privacy requirements
Continuously improve detection, response, and reporting processes through metrics, trends, KPIs, KRIs, and post-incident reviews
Conduct tabletop exercises and oversee vulnerability and penetration testing assessments to identify gaps
Stay current with emerging threats and attacker TTPs, and integrate threat intelligence into response strategies
Foster a culture of learning and technical excellence, supporting team certifications and hands-on development
Qualification
Required
7+ years in cybersecurity (SOC and IR), including 3+ years in a leadership role
Certifications such as GCIH, GCFA, GCFE, CISSP, OSCP, or equivalent highly desirable
Proven ability to lead distributed teams under pressure and in high-stakes environments
Proven expertise with traditional and Next-Generation SIEM platforms such as Splunk, Sentinel, QRadar, Exabeam, and CrowdStrike Falcon
Strong proficiency in SQL and query optimization across modern data lake platforms (e.g., Snowflake, Databricks, Azure Data Lake)
Familiarity with Cribl LogStream, data normalization, and enrichment strategies for high-fidelity alerting
Advanced knowledge of attacker methods (escalation, lateral movement, TTPs)
Familiarity with cloud IR (AWS, Azure) and hybrid environments
Strong understanding of forensic analysis, malware reverse engineering, and threat hunting
Exceptional organizational, communication, and decision-making abilities
Proven ability to foster team well-being, prevent burnout, and support professional growth
Ability to remain calm under pressure and manage team well-being
Experience in building dashboards, metrics, and reporting frameworks
Preferred
Bachelor's degree in Cybersecurity, Computer Science, or related field
Hands-on coding in Python (preferred), PowerShell, Bash, or similar languages
Benefits
Individual annual performance bonus
Capital’s annual profitability bonus
Retirement plan where Capital contributes 15% of your eligible earnings
Company
Capital Group
Capital Group was established in 1931 in Los Angeles, California, and now has 31 offices around the globe.
Funding
Current Stage
Late Stage
Company data provided by crunchbase