Head of Cyber Incident Response

Head of Cyber Incident Response

Position Overview

Are you passionate about leading complex cyber incident response efforts while remaining deeply technical?
This role sits at the intersection of hands-on incident response, threat mitigation, and team leadership. You will be part of a highly collaborative cyber defense organization, leading the response to high-impact security incidents while mentoring and developing the next generation of incident responders.

The ideal candidate is an analytical, curious, and resilient technical leader with a strong investigative mindset and a desire to reduce risk through decisive action. You bring deep knowledge of modern attack techniques and frameworks, communicate clearly under pressure, and naturally step in to lead during critical situations. You thrive in partnership working closely with security, IT, legal, HR, communications, and business teams to drive effective identification, containment, investigation, response, and recovery.

As a leader within Guardian’s cybersecurity organization, you are expected to think big, accelerate operational excellence, and lead through change with confidence and courage scaling both technical impact and team capability in a rapidly evolving threat landscape.

You Have

• 7-10 years of overall cybersecurity experience, with a focus in digital forensics, incident response, SOC, or threat mitigation.
• Broad and deep technical expertise across enterprise environments, including public cloud and SaaS platforms.
• 3+ years of security leadership experience, ideally in incident response or cyber defense, with a player/coach mindset.
• Strong command of incident response methodologies, digital forensics principles, and evidence handling.
• Knowledge and experience in threat hunting, malware analysis, attacker techniques, and common vulnerabilities.
• Practical experience working with NIST CSF, MITRE ATT&CK, and related security frameworks.
• Hands-on experience with SIEM and log analytics platforms including logging, monitoring, insider threat, and UBA concepts.
• Ability to translate cyber threat intelligence into actionable detections, mitigations, and response strategies.
• Experience operating in regulated environments, preferably financial services or insurance, with understanding of U.S. privacy regulations.
• Proven ability to lead, mentor, and develop high-performing technical teams.
• Strong written and verbal communication skills, with experience engaging technical teams, executives, and cross‑functional partners.
• Analytical, curious, and resilient under pressure; able to think structurally and creatively during incidents.
• BS or MS in cyber security, digital forensics, or equivalent experience and/or industry certifications preferred.
• A continuous, lifelong learner with a desire to grow into broader cyber leadership.

You Will

• Lead and mentor a team of incident response and forensics professionals in a hands-on leadership role.
• Serve as the senior escalation point within the team responsible for investigating complex, high-impact cyber incidents advanced from the SOC.
• Act as incident commander or technical lead, coordinate response actions with leadership across cybersecurity security teams while collaborating with legal, enterprise technology, engineering, and other internal teams.
• Manage the organization’s Corporate Cyber Incident Response capability, including coordination and execution.
• Develop, maintain, and test incident response plans, playbooks, quick-reference guides, and crisis communication procedures.
• Partner with first-line SOC teams to build muscle memory, clarify containment authorities, and standardize response actions.
• Coordinate with business continuity/disaster recovery teams to ensure an integrated response to large-scale cyber events.
• Drive continuous improvement of logging, monitoring, detection coverage, and UBA capabilities, proactively identifying gaps.
• Ensure incidents are tracked, reported, and reviewed, with high-quality after-action reports and meaningful metrics.
• Manage third-party incident response retainers, readiness exercises, and periodic simulations.
• Collaborate across teams through the hosting of cross-functional incident response training events, and debriefs to align on threats, trends, and lessons learned.
• Champion risk mitigation initiatives and improvements to security control effectiveness.
• Collaborate with cybersecurity leadership on strategy, roadmap development, vendor management, and talent planning.
• Contribute to enterprise programs such as DLP and insider risk management.
• Support internal and external audits, regulatory requests, and due diligence activities.
• Continuously identify opportunities to enhance incident response maturity, automation, and cyber defense capabilities.
• Drive our user behavior analytics (UBA) program working with the business to develop and improve appropriate logging monitoring. Develop standard operating procedures for our 1st line SOC based on threats/observed incidents.

Location and Travel

• Three days a week at a Guardian office in New York, NY. or Holmdel, NJ
• 20% travel to other Guardian Offices as needed

Salary Range:

The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.

Our Promise

At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals.  Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.

Inspire Well-Being

As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at www.guardianlife.com/careers/corporate/benefits. Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits.

Equal Employment Opportunity

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

Accommodations

Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact [email protected]. Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site.

Visa Sponsorship

Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship.

Notice Regarding Guardian’s Use of Artificial Intelligence in Recruitment

As part of Guardian’s job application process, Guardian may use artificial intelligence tools (“AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian’s jobs website (Careers at Guardian at https://www.guardianlife.com/careers). At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues.

Please be aware that if you apply for a specific position with Guardian, you will have the choice of opting out of Guardian’s use of AI Tools during the job application process. If you would like to request an alternative process that does not utilize AI Tools or would like to request a reasonable accommodation, within ten business days of your position application, you must email your request to [email protected], making sure to provide your name and job requisition identification number. Guardian will retain your applicant materials and resume and all information therefrom in accordance with Guardian’s document retention policy, a copy of which you may request via [email protected].

Additionally, at applicable times, Guardian will make public the most recent bias audit results for such AI tools, which may be found here. 

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday.