Cybersecurity Incident Response Lead

Optomi, in partnership with a leading organization, is looking for a Cybersecurity Incident Lead to drive the security incident response program and improve organizational resilience against threats.

We are seeking a Cybersecurity Incident Lead to lead the coordination, execution, and continuous improvement of our security incident response program. This role focuses on ensuring security incidents are identified, triaged, contained, communicated, and learned from effectively across a complex, multi-business-unit environment. The Incident Manager will act as the central operational leader during security incidents, bridging Security Operations, IAM, Engineering, Legal, Communications, and business stakeholders.

This position is critical to reducing response time, limiting business impact, and improving resilience against recurring threats such as social engineering, identity abuse, and cloud exposure.

• Leading cross-functional teams during high-pressure security incidents
• Contributing to the maturity and readiness of the organization's incident management framework
• Collaborating with stakeholders across technical and non-technical teams
• Opportunities to drive automation and efficiency in incident workflows

• 5-8 years of experience managing or coordinating the full lifecycle of security incidents in an enterprise environment
• Proven ability to lead through influence across technical and non-technical teams
• Excellent written and verbal communication skills, including experience briefing senior leadership
• Experience with security tooling such as SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems
• Strong understanding of security operations workflows, attack techniques, and mitigation strategies
• Calm, structured decision-making under pressure

• Act as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents
• Lead incident triage, severity classification, and escalation to rapidly engage appropriate technical, business, and executive stakeholders
• Conduct in-depth investigation and analysis of active and historical incidents to identify attack vectors, root causes, and emerging threat patterns
• Orchestrate containment, eradication, and recovery efforts across Security Operations, IAM, Security Engineering, IT, and impacted business units
• Drive post-incident reviews and ensure corrective actions, lessons learned, and remediation plans are documented and executed
• Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication templates
• Own incident communications, delivering timely situation updates, post-incident reports, and executive-level briefings
• Plan and lead tabletop exercises and incident simulations focused on high-risk and enterprise-critical threat scenarios
• Contribute to recurring security and executive reporting by analyzing incident trends, metrics, and operational insights