Cybersecurity Incident Response Lead from A-Line Staffing Solutions

Senior Incident Response Lead

Location: Hybrid schedule available in either Detroit, MI, or Charlotte, NC.

Rate: 65-80/hr on w-2 (No C2C or third party candidates will be accepted on this role)

Job Description: As a Senior Incident Response Lead, you will be a key member of our Information Protection and Risk Management (IPRM) team, focusing on developing and implementing a comprehensive approach to managing security risks. You will work closely with subject matter experts across various teams to handle responses to cybersecurity threats and incidents.

This role involves leading investigations into security events, driving containment efforts, and maintaining and improving our Cybersecurity Incident Response plan. You will also manage audit responsibilities, contribute to use case development, and enhance response processes. Strong organizational skills and expertise in complex security investigations are essential.

Job Responsibilities:

• Lead investigations into information security events/incidents.
• Drive containment and remediation efforts during or after incidents.
• Maintain and enhance the Cybersecurity Incident Response plan.
• Oversee audit management responsibilities and address identified gaps.
• Contribute to the development and prioritization of use cases.
• Drive process improvements through new detections and response changes.
• Perform complex security investigations and root cause analyses.
• Participate in a rotating on-call schedule for after-hours incidents.
• Conduct post-incident reviews and generate After Action Reports.
• Coordinate with technical teams and third-party vendors to resolve incidents efficiently.
• Ensure all incidents are recorded and tracked to meet audit and legal requirements.
• Strengthen the overall response framework, including SOC and CSIRT functions.
• Serve as an escalation point for the PCI environment, providing guidance for monitoring and response.

Top Skills:

• Cloud experience – preferably Azure/AWS security experience; GCIA, GCIH, or other GIAC certifications preferred.
• Forensic capability and automation skills.
• Practical experience with Splunk, Sort, and Phantom.
• Familiarity with AI in security contexts.
• Availability to participate in a rotating on-call schedule for after-hours information security events/incidents, approximately once a month.
• Excellent communication skills – calm and composed under pressure, with a high emotional intelligence and ability to work collaboratively with diverse teams.
• Incident command experience – strong technical capabilities, social awareness, and the ability to prioritize effectively.

Qualifications:

• Minimum of five years of experience in information security.
• Deep understanding of network protocols and troubleshooting techniques.
• Extensive knowledge of server and workstation operating systems.
• Broad experience in managing security mitigation solutions across all layers and protocols.
• Experience securing multi-cloud environments, Function-as-a-Service (FaaS), and CI/CD pipelines.
• Experience in securing applications and APIs.
• Bachelor’s degree in information systems or a related field, or equivalent experience.
• Ability to analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activity.
• Strong knowledge of current security threats, techniques, and the information security landscape.
• Capability to research and develop new tools, techniques, and processes to enhance security detection and analysis.
• Experience incorporating threat intelligence into security solutions.
• Experience with cyber hunting practices and using SIEM or enterprise search tools.
• Excellent verbal and written communication skills.
• Strong problem-solving and troubleshooting abilities with meticulous attention to detail.
• Ability to interact effectively with personnel at all organizational levels and understand business imperatives.