Incident Response Lead
Location:
Hamburg Altstadt, Hamburg, Germany
Salary:
Negotiable
Job Type:
Permanent
Date Posted:
3 days ago
Expiry Date:
15/01/2026
Job Ref:
BH-103508
Start Date:
01/12/2025
Contact:
Jonathan Malone
Contact Email:
jonathan.malone@xcede.de
Specialism:
Germany, Cyber
I am working with a Global organisation helping them to source an Incident Response Lead who will be responsible for leading and coordinating all Threat Detection and Response (TDR) activities across the organization, ensuring smooth day-to-day operations within the TDR function.
This role requires a strong leader with excellent operational management skills who can proactively enhance TDR capabilities across the business. The ideal candidate will ensure timely and accurate handling of security incidents while collaborating closely with teams across the wider Cyber Security Operations landscape. The position also involves contributing to long-term planning for TDR processes, tooling, and methodologies so that they stay aligned with an ever-evolving threat environment.
The successful candidate will understand the strategic importance of incident response and know how to use insights from TDR activities to strengthen detection techniques and response playbooks. Deep technical knowledge of incident response practices, including digital forensics, is essential. The Lead will oversee structured and well-prioritised operations while providing regular performance updates and detailed incident analyses to key stakeholders, highlighting both technical and business impact.
Responsibilities
- Lead and evolve the organization’s threat detection and response strategy, including operational plans, capabilities, and continuous improvements.
- Oversee daily TDR operations to ensure accurate, timely, and effective incident response and proactive threat-hunting activities.
- Act as the primary link between technical teams and business stakeholders to minimize the impact of security incidents and support uninterrupted business operations.
- Mentor and guide the TDR team, fostering collaboration, knowledge sharing, and a strong culture of continuous improvement.
- Develop, refine, and maintain TDR playbooks, including procedures, best practices, and escalation workflows.
- Review and advise on incident cases, helping refine anomaly-based detection and improve overall detection and analysis quality.
- Deliver clear and detailed post-incident reports, including root cause analysis and strategic recommendations, and drive ongoing process improvements.
Requirements
- Bachelor's or master's degree in Information Technology, Cybersecurity, or a related field.
- At least five years of experience in cybersecurity, with significant involvement in Threat Detection and Response activities within large or complex environments.
- Hands-on experience in incident response, security monitoring, digital forensics, and/or advanced malware analysis.
- Demonstrated leadership experience overseeing a TDR or similar security operations team.
- Strong understanding of core TDR concepts, including security technologies, network protocols, data center environments, and cloud platforms.
- Familiarity with major cybersecurity tools such as Microsoft Sentinel, Microsoft Defender, IBM QRadar, and Palo Alto Networks products, used to enhance monitoring and response workflows.
- Proven ability to produce high-quality executive-level reports, updates, and recommendations to support decision-making and effective risk management.
Jonathan Malone
Specialisms: Cyber, InfoSec, GRC & Vulnerabilities, Security Architecture & Engineering, Network Security & Operations