Cybersecurity Incident Response Lead
Ho Chi Minh City, Ho Chi Minh City, Vietnam
OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.
The Position
The Cybersecurity Incident Response Lead acts as the primary point of contact for incident response, ensuring effective incident management and response strategies are in place. You will lead detailed investigations and analysis of security-related findings, alerts, and events.
What You Will Be Doing
- Incident Leadership: Lead and coordinate all incident response activities, ensuring timely and effective action to minimize damage and restore normal operations following security incidents.
- Investigation and Analysis: Conduct in-depth investigations to determine the root cause of security incidents, analyze the impact on organizational assets, and develop appropriate remediation strategies.
- Threat Hunting: Proactively search for indicators of compromise (IOCs) and potential threats within the organization’s environment to identify and mitigate risks before they escalate into incidents.
- Forensic Analysis: Conduct digital forensics to gather evidence, analyze malware, and reconstruct attack timelines to support incident investigations and legal proceedings if necessary.
- Process Enhancement: Continuously evaluate and enhance existing incident response processes, documents, tools, and technologies to improve efficiency and effectiveness.
- Incident Simulation and Testing: Develop and execute tabletop exercises and simulate cyberattack scenarios to test the organization’s incident response readiness and improve team preparedness.
- Threat Intelligence Integration: Integrate threat intelligence feeds into the incident response process to stay ahead of emerging threats and adapt response strategies accordingly.
- Tool Management: Oversee the implementation and optimization of incident response tools and technologies, such as SIEM and forensic tools.
- Collaborate with stakeholders to prioritize and remediate vulnerabilities that could be exploited in future attacks and prevent incidents.
- Documentation and Reporting: Maintain accurate and detailed documentation of all incident response activities, including timelines, actions taken, and lessons learned. Generate comprehensive reports on incident trends and effectiveness of response efforts.
- Performing other tasks as assigned by Direct Supervisor.
What We Need From You:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as CISSP, GCIH, CEH, or similar are highly desirable.
- Minimum of 5 years of experience in cybersecurity, with at least 3 years of direct experience in incident response.
- Strong technical knowledge of security technologies (e.g., Endpoint protection, SIEM, IDS/IPS, Firewall…).
- Excellent analytical and problem-solving skills, with the ability to quickly assess complex situations, identify key issues, and develop effective solutions.
- Familiarity with industry frameworks such as NIST, ISO 27001, or CIS Controls.
- Strong written and verbal communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences.
OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.
Recruiting Agencies: We do not accept unsolicited resumes from third-party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are not accepting additional third-party agencies at this time.
Perks/benefits: Team events