Director of Incident Response

About At-Bay:

At-Bay combines world-class technology with industry-leading insurance to help clients meet risk head-on. Partnering with brokers and business owners alike, we provide modern insurance products and active risk monitoring services for companies of every size and in every industry. Our team boasts many backgrounds and skills, from analysts and developers to designers and underwriters, and everything in between — all working together to redefine what it means to be an insurance company. 

We’re proud to be a diverse company and to have expertise from multiple industries driving our culture. At-Bay is expanding rapidly, and as we grow, we’re prioritizing inclusive hiring practices and supportive team environments. We’re committed to building a company culture where people of all identities and backgrounds are empowered to thrive, develop their career, and bring their full self to work. 

At-Bay is a globally distributed company with hubs in Atlanta, New York City, San Francisco, and Tel Aviv. To date, we have raised $292 million in funding from Acrew Capital, Glilot Capital, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. 

Role description

The Director of Incident Response provides direct day-to-day leadership of teams engaged in digital forensics and incident response with specific responsibilities including:

• Ownership of and management of the incident response service line at At-Bay, including capacity planning, capability sourcing, resource allocation, and market analysis to identify future areas of need for the team
• Performing stakeholder management for key relationships related to delivery of incident response services (e.g., breach coach attorneys, third-party IR vendors, IT service providers, etc.)
• Developing relationships as needed with At-Bay policyholders outside the scope of active incident response efforts
• Ownership of quality control for engagement delivery activities, client deliverables, and delivery activities
• Collection and synthesis of lessons learned from service delivery activities
• Participation in development and delivery of thought leadership (i.e. written and oral) to support At-Bay market messaging

Key skills

• Team leadership
• Previous digital forensics and incident response leadership experience
• Previous hands-on experience performing digital forensics and incident response including several of the following:
  • Digital evidence collection and analysis
  • Development and analysis of cyber threat intelligence
  • Leadership of or participation in investigations involving digital evidence
  • Intrusion detection / cyber threat hunting
  • Malware analysis
  • Incident recovery activities such as restoration of data from backups, operation of decryptor tools, etc.
  • Previous hands-on experience working in information technology operations (e.g., Network Operations Center, Security Operations Center, Incident Response Team, etc.)

Minimum requirements

• Bachelor’s degree or equivalent
• Minimum of 8 years of experience in cybersecurity operations, incident response, incident recovery, or another security discipline
• Willingness to travel as needed to perform job functions

Preferred requirements

• Significant undergraduate or graduate coursework in computer science, computer engineering, information systems, or cybersecurity
• Previous background in law enforcement or government / military with experience leading complex technical investigations
• Preferred candidates will have a mix of cybersecurity experience including either security operations or security engineering / architecture
• Knowledge of cloud environments including knowledge of cloud security products and services offered by major cloud service providers (e.g., AWS, Azure, Google)
• Experience as a manager or senior manager equivalent in technology or cybersecurity consulting, top-10 cyber consulting firm preferred
• One or more industry cybersecurity certifications (e.g., GCIH, Security+, CISSP, etc.)

Work location

USA, nationwide.