Manager, Incident Response

Basic Function

The Security Operations Center (SOC) team at Lumin Digital is responsible for all phases of the security incident lifecycle, including preparation, identification, containment, eradication, recovery, and reviewing lessons learned.  This team is responsible for these lifecycle activities, both for internal corporate IT systems as well as the digital banking solutions that Lumin Digital develops and hosts to serve millions of consumers across the globe.  This role serves as the leader of this function: overseeing incident response operations, driving improvements in threat detection and response capabilities, and coordinating across technical and business teams to ensure active monitoring, timely escalation, and measurable outcomes.

Essential Functions and Responsibilities:

Identify emerging industry threats, observed trends, and industry best practices guidelines to identify gaps and identify, plan, design, and enhance security controls in collaboration with other risk engineering teams

Develop comprehensive and insightful fact-based reports on SOC metrics, such as MTTD, MTTR, and coverage, and trends, and present them to internal leadership and client security teams on a regular basis

Produce and deliver job-specific education and training to SOC team members on emerging threats and technologies using structured approaches to threat and risk management

Review the technical methods and output of the SOC team to ascertain the quality and fit of solutions, and provide constructive and detailed feedback to improve team members’ ability to perform their duties

Lead formalized security incident response procedures as part of a team, including all phases of the incident handling lifecycle, from preparation through lessons learned

Collect evidence of SOC activities to satisfy client due diligence requests as well as support internal and external audit activities

Perform other duties as assigned.

Supervisory Responsibility:

Set clear expectations, offer direction, and ensure alignment with organizational goals while fostering a supportive environment that encourages collaboration, accountability, and growth.

Coach, mentor, and provide training opportunities to build team members’ skills, promote internal growth, and prepare staff for future roles and responsibilities.

Manage hiring, onboarding, performance evaluations, promotions, compensation, and terminations, ensuring fair and consistent application of policies and procedures.

Assess team performance regularly, address gaps, and ensure duties are completed efficiently and effectively in alignment with department and organizational objectives.

Position Specifications

Education: 

Bachelor's degree in Information Assurance, Information Security, Cybersecurity, or related field is required; or equivalent combination of education and experience in cybersecurity with demonstrated command of key SOC concepts and technologies and proficiencies in threat modeling, detective and preventative controls, digital forensics, incident response, OSINT, network penetration testing, and other relevant technical security risk management domains.

Certifications relevant to security operations or management of SOC teams, such as the GCIH, GCIA, GSOM, or CISM, are preferred.

Experience:

5 years of hands-on technical experience directly working with detective security controls, including layer 3, 4, and 7 firewalls, log aggregation, endpoint detection and response, and public cloud security posture management required.

3 years of experience leading or driving incident response efforts within a Security Operations Center (SOC) or equivalent function required. Experience may include mentoring teammates, coordinating cross-functional responses, or owning end-to-end incident management processes, preferably in financial institutions or fintech environments.

Experience with large-scale AWS operating environments, Linux, Kubernetes, Git, and scripting languages required.

Experience analyzing and summarizing security operations information to characterize trends in threats, vulnerabilities, and posture to internal management teams is required.  Applicants are invited to provide an example or excerpt of a report or presentation they solely developed, with any confidential information redacted, in their cover letter that illustrates this experience and skill.

Knowledge, Skills, & Abilities:

Excellent teamwork skills, including the ability to lead with command and confidence under pressure and uncertainty

Excellent data analysis skills, including using tools like Excel and OpenSearch, to customize and report on key metrics specifically useful for the company and relevant to the current threat environment and organizational needs of the company

Strong written and verbal communication skills, including the ability to develop clear, data-driven reports and presentations using Google Docs, Slides, or R

Strong presentation delivery skills, including the ability to speak confidently to underlying data and data-driven insights to internal teams, and, as needed, to clients’ technical or management teams

Ability to read, comprehend, and contextualize technical details contained in vulnerability assessments and penetration testing reports accurately

Ability to respectfully challenge norms and appropriately question assumptions and approaches to uncover and critically evaluate operational blind spots or procedural weaknesses

Working knowledge of network security concepts, including TLS termination and introspection, connection fingerprinting, and intrusion detection tools and techniques

Working knowledge of cloud security concepts, including the AWS shared responsibility model and AWS security services such as GuardDuty, IAM Analyzer, Inspector, Macie, and Security Hub CSPM

Working knowledge of application security concepts as they relate to detecting anomalous and threatening HTTPS and WebSocket activity, including those covered by the OWASP Top 10 and the Common Weakness Enumeration

Working knowledge of vulnerability prioritization methods, including through the Common Vulnerability Scoring System (CVSS) and the Exploit Prediction Scoring System (EPSS)

Working knowledge of detection engineering principles and best practices to effectively articulate and advocate for the needs of the SOC as an internal customer of supporting risk engineering teams 

Calm and serious attitude, technical aptitude, appropriate sense of urgency, and communication skills to effectively coordinate with internal team members to remediate vulnerabilities and reduce security risks

Must have strong client orientation and demonstrate professional demeanor that earns the trust and respect of individuals inside and outside Lumin Digital

Ability to prioritize tasks, exercise sound judgment, and maintain confidentiality with sensitive information

Ability to work remotely while maintaining a high level of productivity and effectiveness, managing a highly performing team with limited or no supervision

Travel: 

Minimal, generally 12 days or less per year