Cybersecurity Operations & Incident Response Lead
About the role
Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation. At Coastal, we think and move like entrepreneurs: focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we'd love to meet you.

The Cybersecurity Operations & Incident Response Lead builds and runs Coastal's 24x7 security operations capability (people, processes, and technology) across a hybrid environment that blends legacy on-premises systems with modern cloud services and custom-developed APIs. You will lead security monitoring, incident response, detection engineering and content development, and vulnerability management. You'll also own the relationship with our third-party SOC, ensuring that use cases, playbooks, and tuning are tightly aligned to our business, our risk profile, and our environment. This role blends hands-on technical depth with calm, decisive leadership during security events, enabling Coastal to detect, respond to, and recover from threats swiftly and consistently.
RESPONSIBILITIES TO INCLUDE

Security Monitoring & Detection Engineering
- Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to:
  - Core technology infrastructure: Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network
  - Productivity/G&A systems: M365, SaaS
  - Business-specific systems: Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems
- Coordinate with Engineering and IT to build detection engineering into the system development lifecycle.
- Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates.
- Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows.

Incident Response
- Serve as incident commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.
- Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.
- Maintain and exercise incident response plans through tabletop and similar activities.
- Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.
- Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.

Vulnerability & Exposure Management and Threat Hunting
- Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.
- Prioritize remediation using risk-based scoring and exploit intelligence.
- Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps.
- Build and mature a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap.

SOC/MSSP Governance
- Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment.
- Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations.

Security and Threat Operations Leadership
- Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.
- Build and maintain a Security and Threat Operations strategy in coordination with the Director of Security Engineering and Operations, the CISO, and other stakeholders, including software engineering, data engineering, and IT.
- Develop and report on KPIs and KRIs for the Security and Threat Operations function.

Governance, Risk, Audit & Reporting
- Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).
- Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.
- Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.

Cul