Senior Manager, Incident Response
Madrigal Pharmaceuticals
1 month ago
Remote friendly (Pennsylvania Furnace, PA)
United States
IT
Key Responsibilities:
- Lead the organization’s enterprise cyber incident response capability across cloud, identity, endpoint, SaaS, and email environments, ensuring effective detection, containment, eradication, and recovery.
- Direct technical investigations and forensics to determine root cause, scope, and business impact, including risks to sensitive data, intellectual property, and regulated systems; maintain defensible evidence handling aligned with legal and regulatory requirements.
- Own continuous improvement of the incident response program, including readiness and tooling, and alignment to evolving threat and regulatory landscapes.
- Develop, maintain, and operationalize incident response playbooks, workflows, and tabletop exercises aligned with NIST and MITRE ATT&CK, including escalation paths and decision-making frameworks.
- Oversee detection and response to phishing, credential compromise, token abuse, and business email compromise; coordinate identity, endpoint, and cloud response actions.
- Correlate signals across security platforms (EDR, SIEM, identity and cloud telemetry) to identify coordinated/persistent threats and reduce attacker dwell time.
- Serve as a senior escalation point during high-severity incidents; translate technical findings into business impact, executive-ready communications, and risk-based recommendations.
- Define and track incident response metrics (e.g., MTTD, MTTR, dwell time, containment effectiveness), lead post-incident reviews, and drive continuous improvement.
- Partner with Security Operations, Engineering, IT, Compliance, Legal, HR, and Communications to align response strategies and enterprise risk reduction.
Required Qualifications:
- 8+ years of cybersecurity experience with hands-on focus in incident response, threat detection, or security operations.
- Proven experience leading incident response in cloud-first environments (Azure, AWS, Microsoft 365).
- Strong working knowledge of EDR, SIEM, identity and cloud-native logging, and security tooling.
- Demonstrated expertise investigating phishing, credential compromise, BEC, and identity-driven attacks.
- Solid understanding of attacker TTPs and frameworks such as MITRE ATT&CK.
- Experience directing/performing digital forensics, incident documentation, and evidence handling for legal/regulatory/compliance needs.
- Ability to lead cross-functional response and make decisions under pressure during high-severity incidents.
- Strong written/verbal communication; translate technical findings into executive-ready summaries and risk-based recommendations.
- Proven experience acting as incident commander or senior decision-maker for high-severity incidents.
- Ability to assess and communicate business and regulatory impact of cyber incidents.
Desired Qualifications:
- Experience building/maturing/scaling an incident response program in complex or regulated environments.
- Familiarity with HIPAA, SOX, FDA, and GDPR (including breach notification/disclosure).
- Experience leading tabletop exercises/simulations/crisis drills with executive stakeholders.
- Prior incident commander experience for major security incidents.
- Background in security automation, SOAR workflows, or response modernization.
- Industry certifications (e.g., GNFA, GCIA, GCED, GCIH, CISSP, CISM, CEH or equivalent).
- Experience partnering with external IR firms, cyber insurance providers, or legal counsel.
- Experience responding to identity- and SaaS-based attack patterns (e.g., OAuth abuse, token theft).
Benefits (as stated):
- Base salary estimate: $159,000–$194,000 per year (good faith estimate).
- Full-time employees eligible for base pay, bonus, equity, and comprehensive benefits including flexible paid time off, medical/dental/vision, life/disability insurance, and 401(k) (traditional, Roth, employer match); additional voluntary benefits such as supplemental life insurance and legal services; mental health benefits via Employee Assistance Program.
Application Instructions:
- Applications accepted on an ongoing basis via the Madrigal Careers site.
- Lead the organization’s enterprise cyber incident response capability across cloud, identity, endpoint, SaaS, and email environments, ensuring effective detection, containment, eradication, and recovery.
- Direct technical investigations and forensics to determine root cause, scope, and business impact, including risks to sensitive data, intellectual property, and regulated systems; maintain defensible evidence handling aligned with legal and regulatory requirements.
- Own continuous improvement of the incident response program, including readiness and tooling, and alignment to evolving threat and regulatory landscapes.
- Develop, maintain, and operationalize incident response playbooks, workflows, and tabletop exercises aligned with NIST and MITRE ATT&CK, including escalation paths and decision-making frameworks.
- Oversee detection and response to phishing, credential compromise, token abuse, and business email compromise; coordinate identity, endpoint, and cloud response actions.
- Correlate signals across security platforms (EDR, SIEM, identity and cloud telemetry) to identify coordinated/persistent threats and reduce attacker dwell time.
- Serve as a senior escalation point during high-severity incidents; translate technical findings into business impact, executive-ready communications, and risk-based recommendations.
- Define and track incident response metrics (e.g., MTTD, MTTR, dwell time, containment effectiveness), lead post-incident reviews, and drive continuous improvement.
- Partner with Security Operations, Engineering, IT, Compliance, Legal, HR, and Communications to align response strategies and enterprise risk reduction.
Required Qualifications:
- 8+ years of cybersecurity experience with hands-on focus in incident response, threat detection, or security operations.
- Proven experience leading incident response in cloud-first environments (Azure, AWS, Microsoft 365).
- Strong working knowledge of EDR, SIEM, identity and cloud-native logging, and security tooling.
- Demonstrated expertise investigating phishing, credential compromise, BEC, and identity-driven attacks.
- Solid understanding of attacker TTPs and frameworks such as MITRE ATT&CK.
- Experience directing/performing digital forensics, incident documentation, and evidence handling for legal/regulatory/compliance needs.
- Ability to lead cross-functional response and make decisions under pressure during high-severity incidents.
- Strong written/verbal communication; translate technical findings into executive-ready summaries and risk-based recommendations.
- Proven experience acting as incident commander or senior decision-maker for high-severity incidents.
- Ability to assess and communicate business and regulatory impact of cyber incidents.
Desired Qualifications:
- Experience building/maturing/scaling an incident response program in complex or regulated environments.
- Familiarity with HIPAA, SOX, FDA, and GDPR (including breach notification/disclosure).
- Experience leading tabletop exercises/simulations/crisis drills with executive stakeholders.
- Prior incident commander experience for major security incidents.
- Background in security automation, SOAR workflows, or response modernization.
- Industry certifications (e.g., GNFA, GCIA, GCED, GCIH, CISSP, CISM, CEH or equivalent).
- Experience partnering with external IR firms, cyber insurance providers, or legal counsel.
- Experience responding to identity- and SaaS-based attack patterns (e.g., OAuth abuse, token theft).
Benefits (as stated):
- Base salary estimate: $159,000–$194,000 per year (good faith estimate).
- Full-time employees eligible for base pay, bonus, equity, and comprehensive benefits including flexible paid time off, medical/dental/vision, life/disability insurance, and 401(k) (traditional, Roth, employer match); additional voluntary benefits such as supplemental life insurance and legal services; mental health benefits via Employee Assistance Program.
Application Instructions:
- Applications accepted on an ongoing basis via the Madrigal Careers site.