Incident Response Lead

GDH Consulting

US · On-site Contract Lead $78 – $83/hr 2w ago

About the role

Role Summary

The Incident Response Lead is a senior cybersecurity professional responsible for overseeing and executing the full incident response lifecycle within a hybrid cloud and on-premises environment. This role functions as the technical authority during active cybersecurity incidents, providing leadership, coordination, and investigation expertise to rapidly contain and remediate threats. The position requires a strategic thinker with extensive experience in incident response, digital forensics, and cybersecurity operations, with an emphasis on cloud infrastructure and operational maturity.

Responsibilities

  • Lead and coordinate all phases of the incident response process, including detection, analysis, containment, eradication, recovery, and post-incident review.
  • Serve as the primary investigator for high-severity cybersecurity incidents, managing scope, timelines, and documentation.
  • Maintain situational awareness and provide timely updates to SOC leadership, cybersecurity engineering teams, and external stakeholders.
  • Collaborate with cloud, network, identity, and system administration teams during active response efforts to ensure swift containment.
  • Act as escalation decision authority for containment measures and service disruptions, balancing operational impact.
  • Lead digital forensics and incident response investigations across host, network, and cloud environments, guiding analysts in the use of EDR, SIEM, and NDR tools.
  • Validate Indicators of Compromise (IOCs), Indicators of Attack (IOAs), malware, and lateral movement techniques, ensuring evidence integrity for audit and legal purposes.
  • Develop, update, and refine incident response playbooks, runbooks, and operational workflows to improve SOC effectiveness.
  • Lead readiness activities such as tabletop exercises, purple team drills, and threat hunting initiatives to enhance team preparedness.
  • Partner with multi-disciplinary teams and external agencies, including legal, public affairs, and third-party responders, during incidents.

Qualifications

  • 10-12 years of direct cybersecurity experience within a Security Operations Center (SOC), including a minimum of 6 years in incident response or digital forensics and incident response (DFIR).
  • Proven ability to lead high-impact incidents involving cloud infrastructure, particularly AWS.
  • Expertise in digital forensics methodologies covering host, network, and cloud environments.
  • Strong analytical skills in log analysis, SIEM tools (e.g., Splunk), EDR (e.g., Trellix), and network analysis techniques.
  • Deep understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST SP 800-61, and the cyber kill chain.
  • Excellent communication skills with the ability to brief executive leadership and coordinate cross-functionally during crises.
  • This position requires the ability to obtain a U.S. Government Public Trust (6C) clearance; under federal law, eligibility generally requires U.S. citizenship.
  • Relevant cybersecurity certifications such as GCIA, GCFA, GCFE, GNFA, GCIH, or GDAT are highly desirable.
  • Experience mentoring incident responders and maturing SOC/IR capabilities.
  • Strong problem-solving skills and the ability to work effectively under pressure.

About GDH:

At GDH, we believe in the power of people and the importance of caring. Our culture statement, “We care about people,” isn’t just a tagline – it’s the core of everything we do. GDH is a premier staffing and talent solutions company dedicated to helping businesses find the best talent and assisting job seekers in finding their dream jobs.

Who We Are:

GDH, founded in 2001, has grown into a leader in providing staffing solutions across various industries. We specialize in IT across several sectors, connecting top talent with leading enterprises. As a Best of Staffing firm recognized for excellence in client, employee, talent, and women’s services, we pride ourselves on our commitment to quality and service.

GDH Benefits

GDH offers a range of employee benefits that are designed to promote well-being and help maintain a healthy work-life balance. These comprehensive benefits cover various aspects of an employee’s life and aim to enhance their overall experience with the company. Our health benefits include three medical insurance options with access to KISx Card, Zero Card, and HealthJoy concierge services. Other plan offerings include dental, vision, life, disability, supplemental insurance, and pet insurance plans. Enjoy additional perks like holiday pay, 401(k) plan, direct deposit, an employee referral program, work-life balance benefits, a Wellbeats membership, a discounted gym membership program, and more! For more detailed information on benefits, please go to GDH’s website under the tab for candidates.

GDH provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, gender, sex (including pregnancy), sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, ancestry, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable federal, state, and local laws. Applicants with disabilities who require an accommodation or assistance in applying and/or for interviewing, please contact our HR Department.

Skills

AWS, EDR, MITRE ATT&CK, NIST SP 800-61, Splunk, Trellix
