Lead - Threat Detection & Response


New York
Permanent
USD150000 - USD200000
Cybersecurity
PR/586875_1775240522

Glocomms is partnered with a leading investment management firm to appoint an exceptional Threat Detection & Response Lead who will drive Blue Team strategy and serve as the US regional lead for all high‑impact cyber incident response. This role is a critical, fully onsite position supporting a high-performance security organization that protects sensitive client data, critical financial systems, and global investment operations.

As a leader within the firm's global cyber defense function, this individual will oversee major incident command, elevate detection maturity, and build a world-class operational rhythm designed to strengthen readiness, response quality, and organizational resilience across a complex hybrid, cloud‑first, and identity‑first environment.

Key Responsibilities

  • Serve as the US Regional Lead for all high‑severity cyber incidents, acting as primary Incident Commander and driving containment strategy, investigative direction, stakeholder communication, and recovery prioritization.
  • Lead a multi-disciplinary Computer Incident Response Team (CIRT), collaborating with SOC Engineering, threat detection engineers, cloud and infrastructure teams, and senior technology leadership.
  • Direct the full incident lifecycle for ransomware, extortion, Business Email Compromise (BEC), cloud account compromise, token/key theft, data exfiltration, insider risk, and other advanced threat scenarios relevant to the financial industry.
  • Strengthen detection and investigative coverage across cloud control planes, SaaS ecosystems, containers/Kubernetes, serverless workloads, CI/CD pipelines, network telemetry, endpoint telemetry, and identity telemetry.
  • Drive improvement of key performance metrics such as MTTR, MTTC, time-to-triage, and containment SLA adherence, ensuring high-quality and timely response.
  • Develop and enhance automation and agentic workflows, including SOAR-driven playbooks and AI-assisted capabilities for alert summarization, correlation support, timeline generation, and enrichment.
  • Ensure strong governance, auditability, and human‑in‑the‑loop controls aligned with regulatory expectations in investment management environments.
  • Partner with MSSP teams within a hybrid SOC model to refine escalation criteria, severity definitions, and detection validation, and to ensure 24/7 global response readiness.
  • Lead advanced threat hunting, purple team operations, and adversary simulation exercises using tools like Atomic Red Team, Caldera, and Cymulate.
  • Validate detection coverage and telemetry hygiene; identify operational pain points and drive structured learning loops that enhance repeatability and resilience.
  • Conduct post-incident reviews and drive long-term defensive improvements, aligning findings to operational, technical, and business-level remediations.
  • Oversee executive-level tabletop exercises and simulation events to enhance readiness across technical teams and business stakeholders.
  • Produce high-quality investigative narratives, case summaries, and evidence documentation suitable for executives, auditors, and regulatory bodies.
  • Contribute to the evolution of AI-enabled operating models that support scaled, high-speed detection, triage, and response.

Qualifications

  • Extensive experience leading Threat Detection & Response functions within hybrid and cloud-native environments; experience in financial services or investment management strongly preferred.
  • Proven ability to serve as an Incident Commander for high-severity or business-critical cyber events.
  • Deep knowledge of federated identity, IAM abuse patterns, conditional access models, and identity-first architectures.
  • Strong understanding of SOAR platforms, automated response workflows, telemetry pipelines, and SOC engineering principles.
  • Advanced knowledge of adversary TTPs, detection engineering fundamentals, and telemetry across cloud, identity, network, and endpoint domains.
  • Exceptional communication skills with the ability to deliver clear, concise executive briefings and investigative narratives.
  • Demonstrated success driving operational excellence, improving security KPIs, and fostering a high-performance defensive culture.
  • Ability to work fully onsite five days per week in New York City or Boston (NYC preferred) as a core leader within the US security operations organization.

Candidates must submit a resume with full name (first & last) and contact information in order to be considered. No C2C/C2H.
