What are the responsibilities and job description for the Incident Response Lead - Cybersecurity position at Bench?
Incident Response Lead - Cybersecurity
Location: Hunt Valley, MD (Onsite)
Function: Cybersecurity | Threat Management
Employment Type: Full-time
Role Overview
We are seeking an experienced Incident Response Lead to join our Cybersecurity Threat Management team. This role owns and leads the Enterprise Incident Response Program, ensuring timely, coordinated, and effective responses to cybersecurity incidents across the organization.
You will work closely with IT, Legal, HR, Privacy teams, and external partners to manage incidents, strengthen response maturity, and continuously improve security operations.
This is a high-impact, onsite leadership role based in Hunt Valley, MD.
Key Responsibilities
- Lead end-to-end incident response activities, including detection, containment, eradication, and recovery.
- Own and continuously improve Incident Response Plans, playbooks, and procedures.
- Act as the primary escalation point during major cybersecurity incidents.
- Coordinate response efforts across IT, Legal, HR, Privacy, MSPs, and vendors.
- Prepare detailed incident reports, including timelines, impact assessments, root cause analysis, and remediation actions.
- Design and deliver incident response training, tabletop exercises, and simulations.
- Define, track, and report incident response KPIs and metrics.
- Provide subject matter expertise to strategic cybersecurity initiatives and projects.
- Lead post-incident reviews and drive continuous improvement.
Required Qualifications
Education
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience from industry, military, or government service)
Experience
- 8 years of experience in cybersecurity or information technology
- 3 years of hands-on experience in Incident Response or SOC environments
- Proven experience leading enterprise-scale incident response efforts
- Strong track record of collaborating with cross-functional teams
Technical Expertise
- Strong knowledge of incident response frameworks:
  - NIST 800-61
  - MITRE ATT&CK
- Experience managing complex security incidents and executive-level reporting
- Ability to communicate technical incidents clearly to both technical and non-technical audiences
Preferred Certifications
- GCIA
- GCIH
- CREM
- GIAC
- CISSP
- Other relevant cybersecurity certifications
Key Skills & Competencies
- Strong leadership and coordination skills
- Excellent written and verbal communication
- Calm and decisive under pressure
- Analytical mindset with attention to detail
- Collaborative and stakeholder-focused approach
- Continuous improvement and risk-based decision making