Incident Response & Threat Intelligence Manager

POSITION OVERVIEW

The Incident Response & Threat Intelligence (IR/TI) Manager leads a globally distributed cyber defense team responsible for threat intelligence, incident response, digital forensics, and threat hunting across a large, complex enterprise environment. This role ensures the organization can rapidly detect, respond to, investigate, and learn from cyber threats while enabling executive‑level decision‑making during high‑impact incidents.

The position partners closely with the SOC, Security Engineering, Privacy, Legal, Compliance, Technology, and Executive Leadership to reduce business risk and maintain cyber resilience at Fortune 500 scale.

LOCATION

• Jacksonville, FL preferred or 100% remote if not local.
• Global on‑call responsibility for high‑severity incidents.
• Limited travel for incident support, leadership meetings, and readiness exercises if not local to Jacksonville, FL

DUTIES & RESPONSIBILITIES

Global Team Leadership

• Lead and continue to develop a geographically dispersed, follow‑the‑sun team across threat intelligence, digital forensics incident response, and threat hunting functions.
• Maintain operating models, on‑call rotations, escalation paths, and coverage aligned to global business needs.
• Coach senior analysts, build succession plans, and drive consistent performance, engagement, and retention.

Incident Response

• Own enterprise incident response strategy, playbooks, and readiness activities, aligned to NIST and industry best practices.
• Serve as Incident Commander for high‑severity cyber incidents; coordinate technical response, executive communications, and cross‑functional decision‑making.
• Ensure effective containment, eradication, recovery, and post‑incident remediation, including executive‑level readouts and lessons learned.

Digital Forensics & Investigations

• Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments.
• Ensure defensible chain‑of‑custody processes and support legal, HR, privacy, and regulatory investigations as required.
• Maintain enterprise DFIR standards, tooling, and investigative quality.

Threat Intelligence

• Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization.
• Translate intelligence into actionable outcomes, including detection engineering, threat hunting focus areas, and executive briefings.
• Integrate internal telemetry with external intelligence sources and trusted sharing communities.

Threat Hunting & Detection Enablement

• Drive hypothesis‑based threat hunting aligned to adversary behaviors and business‑critical risks.
• Partner with SOC and Detection Engineering teams to improve detection coverage, fidelity, and response speed.
• Sponsor purple team exercises to validate controls and surface gaps.

Technology & Automation

• Own the roadmap and effectiveness of DFIR, TI, and threat hunting tooling (e.g. TIP and forensics platforms).
• Increase automation and orchestration to accelerate investigation and response at enterprise scale.
• Collaborate with security engineering teams to embed intelligence‑led security improvements.

Governance, Risk, & Executive Reporting

• Ensure alignment with regulatory, legal, and internal governance requirements globally.
• Define, track, and report KPIs and KRIs (e.g., incident trends and threat hunting / intelligence reports) to executive and board‑level audiences.
• Translate technical risk into clear business impact and investment guidance.

MINIMUM REQUIREMENTS

• 8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises.
• Proven experience managing globally distributed teams and leading major cyber incidents.
• Strong hands‑on understanding of DFIR, threat intelligence, and threat hunting processes.
• Experience with a wide breadth of enterprise security tooling.
• Experience working cross‑functionally with Legal, Privacy, Compliance, and Executive Leadership.
• Exceptional written and verbal communication skills, including executive‑level briefings.

PREFERRED EXPERIENCE

• Experience in a Fortune 500 or similarly complex, regulated environment.
• Certifications such as GCIH, GCFA, GCED, CISSP, CISM, or equivalent.
• Familiarity with MITRE ATT&CK, NIST 800‑61, and/or SOC CMM Framework