The global specialist risk consultancy - Helping organisations succeed in a volatile world
Cyber Threat Detection & Response Team Lead
Location
California
Posted
1 day ago
Salary
$160K - $185K / year
Seniority
Senior
Job Description
Cyber Threat Detection & Response Team Lead
Control Risks
• The Cyber Detection and Response Team Lead will play a pivotal role in building and leading a world-class Detection and Response Team (DART) for a major client of Control Risks. • This is a hands-on technical leadership role responsible for standing up the team from the ground up; developing strategy, building capabilities, and leading a team of security professionals to proactively detect, investigate, and respond to cyber threats across the client's environment. • This position works in close partnership with the client's Security Engineering team to ensure detection and response capabilities are deeply integrated into the broader security architecture. • The Team Lead provides technical direction and operational oversight on all detection and response matters, ensuring the protection of the client's systems, networks, data, and cloud environments. • The role supports a strong first-line ownership model by partnering with technology and business stakeholders to embed security into planning, development, and operational activities. • Work closely with client stakeholders and the Security Engineering team, build, manage, and scale a Cyber Detection and Response Team (DART) from the ground up. • Define and implement the DART's operational model, including tiered escalation paths, on-call rotations, and coordination protocols with Security Engineering, IT, Legal, Risk, and other business stakeholders. • Lead the development of Standard Operating Procedures (SOPs) for detection and response activities, including tooling integration, reporting lines, and out-of-hours incident protocols. • Establish and continuously refine incident response playbooks aligned to the MITRE ATT&CK framework and the client's specific threat landscape. • Serve as Incident Commander for critical and high-severity cyber security incidents, directing technical response across forensics, network, endpoint, cloud, and identity workstreams. • Lead on managing the most severe cyber security incidents, including supporting responders with reporting, executive updates, root cause analysis, and remediation recommendations. • Oversee the triage of cyber events, ensuring rapid identification, investigation, containment, and remediation. • Lead proactive threat hunting operations to identify potential compromises, undetected adversary activity, and gaps in detection coverage. • Integrate threat intelligence into DART workflows and leverage intelligence to inform response and prevention strategies. • Conduct regular check-ins, provide coaching and feedback, manage performance reviews and improvement plans, and support career development with the members of your team. • Serve as the main liaison between team members and the ECS program management team, ensuring timely program and personnel updates and controlling quality on client deliverables. • With the support of the Talent Acquisition team, participate in hiring processes ensuring team resourcing aligns with client expectations and program needs. • Lead onboarding tasks (e.g., joiner tickets, scheduling, equipment, success plans), manage offboarding logistics and leaver tickets, and ensure operational continuity. • Manage team schedules, approve PTO, ensure timesheet compliance, and maintain a consistent high-quality service to the client. • Working closely with the ECS program management team, align on overall program strategy and priorities to create clear, actionable team deliverables.
Job Requirements
- 10+ years of progressive experience in cybersecurity, with significant depth in incident response, detection engineering, SOC operations, or cyber defense.
- 3+ years in a leadership role managing or building a detection and response, SOC, or incident response team.
- Deep, hands-on knowledge of incident response, digital forensics, malware analysis, and threat hunting methodologies.
- Hands-on experience with detection and response technologies including SIEM (e.g., Splunk, Microsoft Sentinel), SOAR, EDR/XDR (e.g., CrowdStrike, SentinelOne), NDR, IDS/IPS, and log management platforms.
- Strong understanding of the MITRE ATT&CK framework, NIST Cybersecurity Framework (800-61, 800-53), and industry best practices for incident response lifecycle management.
- Proven experience working in close partnership with Security Engineering teams to develop and tune detection logic, automate response workflows, and harden security architecture.
- Ability to translate complex technical exploit chains and risks into business-impact narratives for executive leadership (C-Suite, Board-level).
- Experience building operational processes, escalation frameworks, and playbooks from the ground up.
- Strong understanding of cloud security (AWS, Azure, GCP) and modern enterprise environments including identity platforms, zero trust architecture, and containerized workloads.
- Familiarity with threat intelligence platforms (e.g., Recorded Future, OpenCTI, MISP) and integrating CTI into detection and response workflows.
- Understanding of legal and regulatory frameworks around SOC and incident response activities across multiple jurisdictions.
- Relevant certifications: CISSP, CISM, GIAC (GCIH, GCFA, GCIA, GSOM), or equivalent.
Benefits
- Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
- As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.
- Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.
Related Guides
Related Categories
Related Job Pages
More General Jobs
Senior Associate, Service Delivery
bswiftHelping companies be ready for all their benefits needs, today and tomorrow.
• The Senior Associate, Service Delivery is responsible for maintaining and supporting client benefits websites, documenting and executing benefits-related processes, and providing advanced operational and technical support to clients and the bswift service center. • This role plays a key part in client implementations, issue resolution, continuous improvement efforts, and mentoring team members—while consistently modeling bswift’s core values. • Consistently demonstrate bswift’s core values: Deliver Superior Service, Embrace Accountability, Pursue Excellence, and Be a Great Place to Work. • Resolve client issues by responding to inquiries regarding bswift products, leveraging research and internal systems to identify solutions. • Triage client tickets and inquiries (email and voicemail) within 24 hours, maintaining ownership through resolution, including escalation support and proactive client updates. • Communicate proactively and professionally with clients using a positive, solution-oriented approach. • Maintain a thorough understanding of all internal systems to support general and specialized client requests. • Support and provide technical guidance during the implementation of new client benefits websites. • Maintain and update client sites as requirements change, including benefit class matrices, requirements documentation, rates, permissions, field options, site text, and question logs. • Perform quality assurance testing on client sites; track, monitor, and support issue resolution. • Manage workflow related to the setup and ongoing maintenance of carrier and payroll feeds. • Prepare and deliver technical and product presentations, demonstrations, and trainings, including open enrollment demos, plan changes, site text updates, and release functionality. • Lead and create agendas for client meetings, as required. • Identify and help drive continuous process improvements and operational efficiencies. • Develop and implement fulfillment procedures. • Coach and mentor team members; share insights, ideas, and customer needs across bswift teams throughout the product lifecycle. • Assist with sales and marketing activities, as needed. • Support special projects and additional responsibilities as assigned.
Customer Support, German
Kulture Talent- Global Recruiting | Global Consulting | Global OutsourcingA Global Human Capital Consulting & Outsourcing Company that partners with clients to develop the best talent pipelines
• Communicate effectively with German-speaking customers by phone, email and chat to clarify questions and provide support. • Ensure a high level of customer satisfaction by understanding and meeting customer needs quickly and professionally. • Resolve customer issues using problem-solving skills and by collaborating with relevant internal teams. • Maintain accurate, detailed records of customer interactions in our customer relationship management (CRM) system. • Stay informed about the company's products, services and policies to serve customers effectively. • Contribute to a positive team environment and share insights to improve overall customer support quality.
Team Leader – Turkish, English
Kulture Talent- Global Recruiting | Global Consulting | Global OutsourcingA Global Human Capital Consulting & Outsourcing Company that partners with clients to develop the best talent pipelines
• Manage a group of around 10 to 12 remote support agents • Act as the main point of contact for your team • Offer coaching and support on day-to-day challenges • Monitor and drive performance metrics (KPIs) • Conduct training on tools, soft skills, and support channels • Collaborate with departments like Training, Quality Assurance, and HR • Conduct interviews and support onboarding for new members
Psychiatrist
Grupo Med MaisA maior empresa de Emergency Response do Brasil. Urgência e Emergência, Prevenção e Combate ao Incêndio e SST.
• Conduct psychiatric consultations via telemedicine. • Assess, diagnose, and monitor patients. • Develop treatment plans and prescribe therapies when necessary. • Document consultations in the electronic medical record. • Ensure ethical, compassionate, and confidential care.
