Incident Response Manager Jobs (NOW HIRING)

Lead and manage cyber incident response activities, including triage, containment, eradication, and recovery efforts for client incidents * Oversee and coordinate incident investigations across cyber ...

Incident Response Lead

Fort Worth, TX · Remote

$53 - $82/hr

The Incident Response Lead works with IT stakeholders across Health Care System to develop policies, procedures, and risk management activities that efficiently contain and minimize the impact of ...

Manager of Incident Response

Atlanta, GA · Hybrid

$130K - $160K/yr

Position Overview: The Manager of Security Operations & Incident Response leads a team of security analysts and engineers responsible for protecting the organization through detection, response, and ...

Incident Response Manager information

$41K

$127.2K

$199.5K

How much do incident response manager jobs pay per year?

As of Jun 11, 2026, the average yearly pay for an incident response manager in the United States is $127,177.00, according to ZipRecruiter salary data. Most workers in this role earn between $89,000.00 and $172,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Incident Response Manager, and why are they important?

To thrive as an Incident Response Manager, you need expertise in cybersecurity principles, risk assessment, incident handling, and often a degree in information security or a related field. Familiarity with security information and event management (SIEM) tools, forensic analysis platforms, and certifications like CISSP, CISM, or GIAC are typically required. Strong leadership, decision-making, and communication skills are crucial for coordinating teams and managing high-pressure situations. These competencies are vital to effectively detect, contain, and mitigate security incidents while minimizing organizational impact.

What Is the Job of an Incident Response Manager?

An incident response manager supervises a team of IT professionals who respond to cyber attacks, network intrusions, and computer crimes. Your responsibilities are to direct security personnel as they investigate security breaches and implement counter-measures. Prior to any breach or incident, your duties require you to analyze the activity on your organization’s servers and networks, locating vulnerabilities and implementing safeguards and procedural changes to prevent possible attack.

What are some common challenges faced by Incident Response Managers, and how can they effectively address them?

Incident Response Managers often encounter challenges such as rapidly evolving security threats, coordinating cross-functional teams under pressure, and ensuring clear communication during high-stress incidents. To effectively address these challenges, they focus on regular training and simulations, establish comprehensive incident response plans, and foster strong relationships with IT, legal, and executive teams. Emphasizing documentation and post-incident reviews also helps in continuously improving processes and adapting to new threats.

What is another word for incidents?

In the context of an Incident Response Manager, another word for incidents includes terms like events, occurrences, or security breaches. These refer to any unplanned or disruptive situations that require investigation and resolution, often involving cybersecurity or operational issues. Understanding these synonyms helps in effectively categorizing and managing various types of incidents within an organization.

What does an Incident Response Manager do?

An Incident Response Manager is responsible for leading an organization's efforts to detect, respond to, and recover from cybersecurity incidents such as data breaches, malware infections, or unauthorized access. They coordinate response teams, develop incident response plans, and ensure that incidents are properly documented and analyzed to prevent future occurrences. Their role also involves communicating with stakeholders, providing training, and keeping up to date with the latest cyber threats and best practices.

What is incident vs accident?

In the context of an Incident Response Manager, an incident refers to an unplanned event that disrupts normal operations, such as a cybersecurity breach or system failure, requiring investigation and response. An accident typically involves physical harm or damage resulting from human error or equipment failure. Differentiating between the two helps prioritize response efforts and implement appropriate safety or security measures.

What is an example of an incident?

An incident for an Incident Response Manager typically involves a security breach, such as unauthorized access to systems, malware infections, or data leaks. These events require immediate investigation, containment, and remediation using tools like intrusion detection systems and incident response plans. Prompt action minimizes damage and helps prevent future occurrences.

What is the meaning of incident?

In the context of an Incident Response Manager, an incident refers to an unplanned event or security breach that disrupts normal operations, such as a cyberattack or data breach. Identifying, managing, and resolving incidents quickly is essential to minimize damage and restore security. Incident management often involves using tools like SIEM systems and following established protocols to ensure effective response.

What is the difference between Incident Response Manager vs Security Analyst?

| Aspect | Incident Response Manager | Security Analyst |
| --- | --- | --- |
| Certifications | GCIH, CISSP, CISM | CISSP, Security+ |
| Work Environment | Leads incident response teams, manages response plans | Monitors security systems, analyzes threats |
| Employer & Industry Usage | Used in cybersecurity teams across various industries | Commonly employed in security operations centers (SOCs) |

The Incident Response Manager focuses on leading and coordinating incident response efforts, managing teams, and developing response strategies. In contrast, the Security Analyst primarily monitors security alerts, analyzes threats, and supports incident detection. Both roles require cybersecurity certifications and are integral to organizational security, but they differ in scope and responsibilities.

Cyber Incident Response Lead

West Advanced Technologies (WATI)

Downey, CA • On-site

Full-time

Posted 8 days ago


Job description

Cyber Incident Response Lead
Downey, CA
12+ months
Required Skills/Exp:
Experience with documenting incident response process and procedures.
Experience with first responder forensics analysis and investigation
Experience with triage and resolving advanced vector attacks such as botnets and advanced persistent threats (APTs)
Experience as the lead during business impacting situations, and work to restore normal service operations in cooperation with cross-functional partners.
Advanced skills in providing timely communications and updates for incident management and root-cause scenarios.
Ability to work directly with data asset owners and business response plan owners during high severity events of interest. Leads the effort on messaging and communication related to incident reporting for all audiences.
Experience driving containment strategy during data loss or breach events.
Experience with documenting and maintaining chain of custody of incident evidence.
Experience driving post-containment recovery effort through to complete incident closure
Should work with teams to provide recommendations to resolve and/or reduce impact of incident and to prevent future similar incidents.
Develop and enrich restoration procedures to mitigate future outages and business disruptions.
Experience providing written final incident report to executive management that provide; Assessing scope of incident damage and assisting in the determination of incident severity; Document activities such as investigation, discovery and recovery during the incident.
Experience with collaborating with departmental IT team to identify the root cause of recurring incidents and create action plans to remediate and prevent recurring situations.
Maintain on-call availability for 24x7x365 coverage
Experience Preferred
One or more of the following professional certifications required: Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), GIAC Certified Incident Handler (GCIH) or GIAC Network Forensic Analyst.
Bachelor's degree from an accredited college in Technology related discipline (e.g., Computer Science, Engineering, Information Systems, etc.) or equivalent experience/combined education.
Desired: three (3) years' experience in the last five (5) years as an IT Security Incident Response Manager, supporting a complex enterprise security environment for a large public or private organization.
Desired: three (3) years of experience in the past five (5) years as an IT Security Incident Response Manager, supporting Enterprise Multi-Tenant environment, including responding, containing, remediating, and reporting on the infrastructure connecting to large private or public organization and Public Cloud Providers, such as AWS, Azure and/or GCP.
Minimum of two (2) years' experience in the last three (3) years analyzing, responding, and remediating enterprise network & security architectures.
Minimum of two (2) years' experience in the last three (3) years leading IT Security/Information Security teams.
Minimum of two (2) years' experience in the last three (3) years delivering Incident Reports and Remediation Recommendations in a large enterprise organization.
Demonstrated ability to create clear, concise technical documentations such as procedures, Visio diagrams, and system support documents, and strong presentation skills with experience using Microsoft PowerPoint.
Regards
Naresh Damagalla
West Advanced Technologies, Inc
E: naresh.d@wati.com