Incident Response Manager
Responsibilities
- Serve as the primary client-facing leader during major cybersecurity incidents.
- Lead multiple concurrent incident response engagements involving ransomware, data breaches, insider threats, cloud compromises, and advanced threat actor activity.
- Provide executive-level briefings to CISOs, CIOs, legal counsel, executive leadership, boards of directors, and other stakeholders.
- Direct forensic investigations, threat hunting activities, containment efforts, eradication plans, and recovery operations.
- Review and approve technical findings, investigation reports, executive summaries, and client deliverables.
- Coordinate internal and external resources to ensure successful engagement execution and client outcomes.
- Ensure investigations meet legal, regulatory, and evidentiary requirements.
- Develop and maintain incident response methodologies, playbooks, procedures, and service offerings.
- Lead and mentor Incident Response consultants and senior staff through coaching, technical guidance, and performance feedback.
- Assist with recruiting, onboarding, and professional development of team members.
- Support business development efforts through proposal development, scoping, client presentations, and strategic discussions.
- Identify opportunities to expand client relationships and deliver additional cybersecurity services.
- Contribute to thought leadership through whitepapers, webinars, conference presentations, and market-facing content.
Requirements
- 7+ years of cybersecurity experience with at least 3 years focused on incident response, digital forensics, threat hunting, or cyber defense operations.
- Demonstrated experience leading complex incident response engagements from initial detection through recovery.
- Experience managing project teams, mentoring technical staff, and coordinating cross-functional stakeholders.
- Strong leadership, decision-making, and risk management capabilities.
- Excellent communication skills with the ability to present technical findings to executive and non-technical audiences.
- Ability to manage competing priorities and multiple concurrent engagements.
- Strong understanding of networking, operating systems, identity systems, cloud technologies, and cybersecurity principles.
- Experience utilizing SIEM platforms such as Splunk, Elastic, Microsoft Sentinel, or FortiSIEM.
- Experience utilizing EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, or Carbon Black.
- Proficiency with scripting and automation using PowerShell, Python, Bash, or similar technologies.
- Strong documentation and report-writing capabilities.
- Willingness to travel approximately 15% or more as required.
- Expert knowledge of Windows, Linux, Active Directory, Microsoft Entra ID, Microsoft 365, AWS, Azure, and Google Cloud environments.
- Advanced understanding of attacker tactics, techniques, and procedures (MITRE ATT&CK).
- Experience leading enterprise-scale ransomware investigations and recovery efforts.
- Experience coordinating legal counsel, cyber insurance carriers, law enforcement, and third-party stakeholders during incidents.
- Experience developing incident response programs, tabletop exercises, and cyber resilience strategies.
- Experience managing consulting engagements and project financials.
- Experience building and managing cybersecurity teams.
- Relevant certifications such as GCFA, GCIH, GCED, GREM, GCTD, CISSP, CCSP, CISM, AWS Security Specialty, or Azure Security Engineer Associate.
- We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.
- The application deadline for this role i
Additional Information
Your Journey at Crowe Starts Here: At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you're trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That's why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry.
Job Description: Incident Response Manager
Position Summary
The Incident Response Manager serves as a senior technical leader responsible for managing complex cybersecurity incident response engagements, mentoring and developing incident responders, overseeing engagement delivery, and acting as a trusted advisor to clients during cybersecurity crises. This role combines deep technical expertise with leadership, business development, client relationship management, and operational oversight responsibilities.