Threat & Incident Management Lead

At D+H, our incredible team of employees…
Embrace change
We’re flexible, ready to navigate through ambiguity with an open mind, and are energized by our fast-paced environment.
Are driven and motivated
We love a good challenge and are fueled by the opportunity to help shape our future.
Think Innovatively
The world is changing rapidly and we’re always looking for new ways to help our clients grow, compete and optimize their business.
Value Results and Relationships
D+H is a trusted partner to some of the world’s largest banks and corporations and our products are critical to their business. We believe in collaboration and teamwork to achieve the best results.
Your success story starts at D+H. For more information, visit
Threat & Incident Management Lead
The role combines technical and leadership responsibilities within the D+H Corporate Information Security Services team. The individual will investigate potential security events that have been escalated into the incident response process, and will monitor security threat intelligence resources for information on potential threats, threat actors, hacktivists and others that may wish to interrupt D+H business processes. This resource will develop incident scenarios as well as documented response procedures to address the identified threats.
Responsible for creating and executing incident response plans, processes, and procedures and performing root cause evaluations.
Needs to be able to define cyber security events vs. alerts vs. incidents for the organization, and create incident classification, severity, and priority tables in line with all threats, risks and vulnerabilities.
Must be able to identify and document incident trends and compromise patterns.
Monitor threat intelligence sources, including public, private, information-sharing and dark web sources.
Translate security threat intelligence information into Executive level reports as necessary.
Participate in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cyber security and preparedness.
Form and articulate expert opinions based on analysis.
Preserve and analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
Carry out triage of security events and elevate their priority to incident when required.
Research and identify key indicators of malicious activities on the network and end-user workstations.
Identify and provide key performance and risk metrics as necessary.
Up to 25% travel required.
Enhance existing incident response methods, tools, and processes to collect, assess, and catalog threat indicators.
This position requires a detail oriented, critical thinker who can anticipate issues and solve problems. This individual should be able to analyze large datasets to detect underlying patterns and drive to a root cause analysis.
Advanced experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, Network Packet Analyzers, and Malware analysis and forensics tools.
Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem solving abilities.
Strong work ethic and motivation with a demonstrated history of ability to work as part of a team and within a geographically dispersed environment.
Experience with forensic techniques and the most commonly used IR toolsets, such as Pstools, Volatility, EnCase, and FTK Suite preferred.
Familiarity with computer system hardware and software installation and troubleshooting.
Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness to business needs.
Experience creating policies, procedures, and runbooks.
Previous experience in an operational environment such as SOC, CSIRT, CERT, etc.
5+ years working in an Incident Response job function.
One or more of the following certifications: CISSP, CEH, CFE.
Bachelor’s degree or equivalent combination of education and experience preferred.
The above statements describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.