Incident Response Lead, Cyber Security

About The Role What if your hard-won experience in the SOC trenches could directly strengthen how organizations detect, respond to, and contain real threats? We're looking for a seasoned Incident Response Lead to independently evaluate SOC operations — reviewing detection workflows, stress-testing playbooks, and surfacing the gaps that keep security teams up at night. This is a fully remote, flexible contract engagement. If you've lived through real incidents, built response processes from scratch, or spent time hunting for what others missed — this is work that will feel both familiar and meaningful.

• Type: Hourly Contract
• Location: Remote
• Commitment: Flexible

What You'll Do

• Evaluate detection alert pipelines, triage workflows, and escalation pathways for quality and consistency
• Assess the completeness and effectiveness of incident response actions across real or simulated timelines
• Identify critical gaps in logging coverage, detection logic, and containment procedures
• Review and validate incident response playbooks for clarity, accuracy, and operational feasibility
• Summarize recurring incident patterns and pinpoint operational bottlenecks
• Support ongoing assessments of SOC maturity and overall response readiness
• Deliver structured, analytical documentation that drives actionable improvements

Must-Have Who You Are

• Hands-on experience in SOC operations, incident response leadership, or cybersecurity operations
• Strong working knowledge of detection engineering, response workflows, and incident lifecycle management
• Sharp analytical thinking with the ability to translate findings into clear, structured written assessments
• Comfortable working independently and delivering consistent, high-quality evaluations

Nice To Have

• Familiarity with SIEM platforms (e.g., Splunk, Sentinel, Chronicle)
• Experience with EDR tools and cloud-native detection systems
• Background in threat intelligence, purple teaming, or adversary simulation
• Relevant certifications such as GCIH, GCFA, CISSP, or equivalent

Why Join Us

• Apply deep security expertise to work that has a real, measurable impact on organizational resilience
• Fully remote and flexible — complete assessments on a schedule that works for you
• Freelance autonomy with meaningful, structured task-based work
• Engage with a diverse range of SOC environments, toolsets, and operational challenges
• Potential for ongoing work and contract extension across new assessments and engagements

Apply tot his job Apply To this Job