Director of Incident Response
Dallas, TX · On-site
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including ... contractual incident disclosures, and customer trust reporting for enterprise accounts * Co-own ...
Dallas, TX · On-site
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including ... contractual incident disclosures, and customer trust reporting for enterprise accounts * Co-own ...
Dallas, TX · On-site
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including ... contractual incident disclosures, and customer trust reporting for enterprise accounts * Co-own ...
Dallas, TX · On-site
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including ... contractual incident disclosures, and customer trust reporting for enterprise accounts * Co-own ...
Dallas, TX · On-site
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including ... contractual incident disclosures, and customer trust reporting for enterprise accounts * Co-own ...
... contractual notification windows * Manage on-call rotation for relevant Key Personnel; enforce ... Demonstrated incident command experience across multi-vendor teams under pressure * Runbook ...
New
Quick apply
... contractual notification windows * Manage on-call rotation for relevant Key Personnel; enforce ... Demonstrated incident command experience across multi-vendor teams under pressure * Runbook ...
New
Chicago, IL · On-site
$65 - $85.50/hr
... contractual accountability, and integration of vendor support workflows into internal ITSM processes. * Hands-on experience as incident commander during major outages: able to quickly assess system ...
Chicago, IL · On-site
$65 - $85.50/hr
... contractual accountability, and integration of vendor support workflows into internal ITSM processes. * Hands-on experience as incident commander during major outages: able to quickly assess system ...
Chicago, IL · On-site
$65 - $85.50/hr
... contractual accountability, and integration of vendor support workflows into internal ITSM processes. * Hands-on experience as incident commander during major outages: able to quickly assess system ...
Chicago, IL · On-site
$65 - $85.50/hr
... contractual accountability, and integration of vendor support workflows into internal ITSM processes. * Hands-on experience as incident commander during major outages: able to quickly assess system ...
... contractual commitments. * Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. Major / Critical Incident Management * Act as Incident Commander for ...
... contractual commitments. * Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. Major / Critical Incident Management * Act as Incident Commander for ...
Atlanta, GA · On-site
Major Incident (MI) Command & Execution * Lead and oversee Major Incident management, including ... Ensure vendors meet contractual obligations related to incident response, escalation, and ...
Atlanta, GA · On-site
Major Incident (MI) Command & Execution * Lead and oversee Major Incident management, including ... Ensure vendors meet contractual obligations related to incident response, escalation, and ...
Westwego, LA · On-site
$17.25 - $23.50/hr
Manage overtime (OT) hours in accordance with contractual requirements, including tracking ... Take immediate incident command until EOC is activated and present then continue to work in ...
Quick apply
Westwego, LA · On-site
$17.25 - $23.50/hr
Manage overtime (OT) hours in accordance with contractual requirements, including tracking ... Take immediate incident command until EOC is activated and present then continue to work in ...
Richmond, VA · On-site
$50 - $55/hr
... contractual commitments. • Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. Major / Critical Incident Management • Act as Incident Commander ...
Quick apply
Richmond, VA · On-site
$50 - $55/hr
... contractual commitments. • Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. Major / Critical Incident Management • Act as Incident Commander ...
Richmond, VA · On-site
$60/hr
... and contractual commitments. * Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. * Act as Incident Commander for all P1/P2 business critical ...
Quick apply
Richmond, VA · On-site
$60/hr
... and contractual commitments. * Proactively identify risks impacting store operations, order fulfilment, and supply chain continuity. * Act as Incident Commander for all P1/P2 business critical ...
Kent, WA · On-site
$64.25 - $85.50/hr
Manage oncall scheduling and incident response; serve as incident commander during outages, lead ... contractual compliance. * Maintain and update operational runbooks, playbooks, and runtofailure ...
Kent, WA · On-site
$64.25 - $85.50/hr
Manage oncall scheduling and incident response; serve as incident commander during outages, lead ... contractual compliance. * Maintain and update operational runbooks, playbooks, and runtofailure ...
Kent, WA · On-site
$64.25 - $85.50/hr
Manage oncall scheduling and incident response; serve as incident commander during outages, lead ... contractual compliance. * Maintain and update operational runbooks, playbooks, and runtofailure ...
Kent, WA · On-site
$64.25 - $85.50/hr
Manage oncall scheduling and incident response; serve as incident commander during outages, lead ... contractual compliance. * Maintain and update operational runbooks, playbooks, and runtofailure ...
... incident commander and ultimate escalation point for the SOC during high-severity incidents ... and contractual SLAs. Identify, prioritize, and assign resources to SOC capability enhancement ...
... incident commander and ultimate escalation point for the SOC during high-severity incidents ... and contractual SLAs. Identify, prioritize, and assign resources to SOC capability enhancement ...
Own and ensure end-to-end delivery of SaaS services aligned with contractual SLAs and performance ... Lead high-severity (P1/P2) incidents as the primary escalation point and incident commander * Drive ...
Own and ensure end-to-end delivery of SaaS services aligned with contractual SLAs and performance ... Lead high-severity (P1/P2) incidents as the primary escalation point and incident commander * Drive ...
Own and ensure end-to-end delivery of SaaS services aligned with contractual SLAs and performance ... Lead high-severity (P1/P2) incidents as the primary escalation point and incident commander * Drive ...
Own and ensure end-to-end delivery of SaaS services aligned with contractual SLAs and performance ... Lead high-severity (P1/P2) incidents as the primary escalation point and incident commander * Drive ...
... with contractual and regulatory requirements. The Deputy Fire Services Chief also supports ... HAZMAT Incident Commander * DoD/IFSAC/Pro Board: HAZMAT Awareness & HAZMAT Operations (with Mission ...
... with contractual and regulatory requirements. The Deputy Fire Services Chief also supports ... HAZMAT Incident Commander * DoD/IFSAC/Pro Board: HAZMAT Awareness & HAZMAT Operations (with Mission ...
Des Moines, IA · On-site
$110K - $120K/yr
Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations ... Oversee vendor and third-party compliance through assessments, audits, and contractual reviews.
Des Moines, IA · On-site
$110K - $120K/yr
Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations ... Oversee vendor and third-party compliance through assessments, audits, and contractual reviews.
Midland, MI · On-site
Manages subcontractors and the construction team to meet contractual conditions of performance. (25 ... NIMS IS 100: NIMS IS 100 Introduction Incident Command System Equivalent Experience: Within 6 ...
Midland, MI · On-site
Manages subcontractors and the construction team to meet contractual conditions of performance. (25 ... NIMS IS 100: NIMS IS 100 Introduction Incident Command System Equivalent Experience: Within 6 ...
$17 - $21.25/hr
Coordinate workforce resources to maintain contractual staffing levels and operational continuity ... Maintain accurate operational records, including incident reports, staffing actions, and ...
$17 - $21.25/hr
Coordinate workforce resources to maintain contractual staffing levels and operational continuity ... Maintain accurate operational records, including incident reports, staffing actions, and ...
Philadelphia, PA · On-site
$17 - $21.25/hr
Coordinate workforce resources to maintain contractual staffing levels and operational continuity ... Maintain accurate operational records, including incident reports, staffing actions, and ...
Quick apply
Philadelphia, PA · On-site
$17 - $21.25/hr
Coordinate workforce resources to maintain contractual staffing levels and operational continuity ... Maintain accurate operational records, including incident reports, staffing actions, and ...
$31K - $33.7K
7% of jobs
$33.7K - $36.5K
11% of jobs
$36.5K - $39.2K
3% of jobs
$39.2K - $41.9K
2% of jobs
$44.6K is the 25th percentile. Wages below this are outliers.
$41.9K - $44.6K
1% of jobs
$44.6K - $47.4K
0% of jobs
$47.4K - $50.1K
0% of jobs
$50.1K - $52.8K
0% of jobs
$52.8K - $55.5K
0% of jobs
$55.5K - $58.3K
0% of jobs
The median wage is $59.2K / yr.
$58.3K - $61K
75% of jobs
$31K
$53.5K
$61K
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Re-posted 2 days ago
The Company
NorthMarkCompute & Cloud (NMC) is backed by dedicated leadership and investment, with a clear mission as itoperatesat the bleeding edge of technology. Its goal is to scale and enhance the high-performance computing (HPC) and cloud infrastructure that supports its clients' research, production, and delivery, enabling breakthroughs that shape the industries of tomorrow. Its engineers build critical infrastructure toeliminatefriction in scientific research, simulations, analysis, and decision-making, accelerating discovery and driving faster innovation.
The Position
The Director of Incident Response owns the full incident lifecycle across NMC's HPC and multi-tenant cloud environments, reporting to the CISO. This is a builder role. You will stand up the IR function from the ground up: playbooks, on-call rotations, tooling integration, forensic capability, and the team itself. You will run major incidents in environments where detection-to-containment is measured in minutes, where forensic preservation must survive tenant-specific legal hold requirements, and where every post-incident finding feeds directly into engineering backlogs with enforceable SLAs.
You willoperateas the senior IR authority across Security Engineering, Platform Engineering, Data Center Operations, and customer-facing technical teams.
Responsibilities:
Build the IR function end to end: staffing model, 24/7 coverage plan, severity matrix, escalation tree, retainer relationships, and tooling stack aligned to NIST SP 800-61r2 phase structure
Own major incident command for all Sev-0 and Sev-1 events, security and operational, including customer-facing communications and regulatory notification decisions
Develop detection-to-containment runbooks mapped to MITRE ATT&CK techniques relevant to HPC and cloud tenancy threats: credential abuse (T1078), lateral movement via Kubernetes and scheduler primitives (T1610, T1613), data exfiltration over research network egress (T1041, T1567), and supply chain compromise in scientific software pipelines (T1195)
Establish forensic readiness across bare-metal HPC nodes, Kubernetes workloads, and hypervisor layers: memory capture, disk imaging, container runtime evidence, and audit log chain-of-custody standards
Drive root cause analysis to engineering remediation with measurable closeout SLAs, notwrittenreports that sit on a Confluence page
Build andmaintainthe Known Error Database, runbook library, and tabletop exercise program with scheduled red team, customer-triggered, and infrastructure failure scenarios
Instrument the IR function with hard metrics: MTTD, MTTA, MTTC, MTTR by severity and incident class, recurrence rate, playbook coverage percentage, and on-call load distribution
Operate Jira Service Management as the authoritative incident system of record, with defined integrations to detection tooling, paging (PagerDuty or equivalent), and engineering backlog systems
Partner with Security Engineering on detection engineering feedback loops: every incident eithervalidatesan existing detection, triggers a new one, or exposes a detection gap that becomes a tracked engineering item
Own executive and board-level incident reporting, including quarterly trend analysis, regulatory and contractual incident disclosures, and customer trust reporting for enterprise accounts
Co-own business continuity and disaster recovery testing with Platform and DC Operations, ensuring IR plans integrate cleanly with BCP/DR runbooks
Requirements:
10+ years in security operations or incident response, with at least 5 years running major incident response in high-availability, multi-tenant, or mission-critical infrastructure environments
5+ years leading IR or SOC teams, including direct accountability for hiring, performance management, and 24/7 operational coverage
Demonstrated incident command experience on Sev-0 events with customer, regulatory, or board-level exposure
Deep technical fluency in at least two of: HPC environments (Slurm, InfiniBand, GPU clusters), Kubernetes and container security, hypervisor and bare-metal forensics, or public cloud incident response (AWS, Azure, GCP)
Working command of NIST SP 800-61r2, MITRE ATT&CK, and CIS Controls v8 Incident Response domain (Controls 17.1 through 17.9)
Hands-on experience with Jira Service Management, PagerDuty or equivalent, and at least one enterprise SIEM or XDR platform in a production IR context
Experience building detection-to-response feedback loops with a detection engineering or SOC counterpart, notoperatingIR as a downstream consumer of alerts
Track recordof RCA work that produced engineering remediation with measurable defect reduction, not documentation for its own sake
Comfortoperatingin a pre-scale organization where tooling, process, and team do not yet exist and must be designed before they can be run
Preferred:
GCIH, GCFA, GCFR, or equivalent hands-on IR certification
ITIL 4 Foundation or Practitioner certification
Experience with regulated or contractually constrained environments: financial services customers, export-controlled workloads, or sovereign cloud requirements
Prior experience during a CSP independence or infrastructure repatriation program
It is impossible to list every requirement for, or responsibility of, any position. Similarly, we cannot identify all the skills a position may require since job responsibilities and the Company's needs may change over time. Therefore, the above job description is not comprehensive or exhaustive. The Company reserves the right to adjust, add to or eliminate any aspect of the above description. The Company also retains the right to require all employees to undertake additional or different job responsibilities when necessary to meet business needs.
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Benefits & Perks:
Company-Paid Lunch Stipend: Lunch is provided via GrubHub
Company-Paid Benefits: 100% Employer-Paid Medical in our High Deductible Health Plan, Dental and Vision benefits for employees and their families, 16 weeks of Paid Parental Leave, Employee Assistance Program, Life insurance, Short-Term Disability and Long-Term Disability
401(k): Company will match 100% of your contributions up to 6%
Optional Employee-Paid Benefits: Medical insurance in our PPO plan and a variety of other benefits such as Health Savings Accounts (with Company Contribution!), Flexible Spending Accounts, Supplemental Life Insurance, Wellhub and more.
Time Off: 25 days of Paid Time Off plus 12 company holidays
EQUAL OPPORTUNITY EMPLOYER
NORTHMARK STRATEGIES LLC IS AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER. THE COMPANY'S POLICY IS NOT TO DISCRIMINATE AGAINST ANY APPLICANT OR EMPLOYEE BASED ON RACE, COLOR, RELIGION, NATIONAL ORIGIN, GENDER, AGE, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, MARITAL STATUS, MENTAL OR PHYSICAL DISABILITY, AND GENETIC INFORMATION, OR ANY OTHER BASIS PROTECTED BY APPLICABLE LAW. THE FIRM ALSO PROHIBITS HARASSMENT OF APPLICANTS OR EMPLOYEES BASED ON ANY OF THESE PROTECTED CATEGORIES.