Director of Incident Response

Human is seeking an experienced security leader to lead our global incident response and investigations function. In this role, you will be accountable for how the organisation prepares for, detects, and responds to security incidents that impact HUMAN, our service ventures, partners, and customers. You will partner closely with engineering, infrastructure, legal, and business stakeholders to drive timely, high-quality incident handling and continuous improvement of our detection and response capabilities. As a member of a small team, you will also flex into adjacent security areas, including GRC, product security, and corporate security, wherever needed. Location USA East Coast or UK

What You Will Do

Lead global incident response

• Lead incident response end-to-end, providing both strategic direction and hands-on support during high-severity events.
• Own the full incident lifecycle – preparation, detection, triage, containment, eradication, recovery, and post-incident review – with clear roles, runbooks, and communication plans.
• Serve as, or appoint, the Incident Response Commander (IRC) for major incidents, directing the Cyber Security Incident Response Team (CSIRT) through technical investigation and remediation.
• Develop and run regular tabletop exercises and simulations with Security, IT, Engineering, Legal, People, and Customer Operations to validate readiness and drive improvements.
  
  

Build and automate security operations

• Design, implement, and tune detections across our technology stack (endpoint, network, cloud, SaaS, identity) and drive proactive threat hunting programs.
• Analyse existing and emerging threats, turning threat intelligence and trends into concrete detection use cases, playbooks, and clear risk narratives for leadership.
• Continuously improve automation and orchestration, evolving detection, enrichment, and response workflows using scripting and AI-assisted approaches to reduce time to detect and time to contain.
• Facilitate automation for others by enabling Security, IT, and Engineering teams with reusable workflows, integrations, and well-documented patterns rather than one-off scripts.
• Own relationships with MDR, SOC, and other security operations vendors, ensuring playbooks and runbooks are tuned to HUMAN’s threat model.
• Partner with engineering and cloud platform teams to enhance security monitoring and response across IaaS, PaaS, and SaaS environments.
  
  

Own governance, risk, and compliance for incident response

• Review and draft security policies, standards, and standard operating procedures that support effective incident response, business continuity, and crisis communications.
• Act as a key owner for incident-related controls across ISO 27001, ISO 27701, SOC 2, and PCI DSS, including evidence collection, walkthroughs, and responses to auditors and customers.
• Contribute to the enterprise risk assessment by identifying, analysing, and helping remediate risks related to incident detection, response, and continuity.
• Support broader GRC activities when they intersect with incident response, such as control design, risk register maintenance, and customer assurance work.
  
  

Flex across security domains

• Collaborate with Product Security, Corporate Security and IT on endpoint, identity, and other corporate SaaS security initiatives that improve visibility and response across the company.
• Step into adjacent security projects as needed, owning clear outcomes even when work extends beyond traditional incident response responsibilities.
  
  

Collaborate and represent security

• Own the incident communication plan for internal and external audiences, in coordination with the Security Committee, Legal, Customer Support, and Marketing, including law enforcement engagement where appropriate.
• Work directly with customers, prospects, and auditors to explain our incident response posture, answer questionnaires, and support RFPs and due diligence.
• Provide concise, executive-ready updates and recommendations to senior leadership during and after significant events.
• Define and report metrics that demonstrate the effectiveness and maturity of the incident response program, such as time to detect, time to contain, recovery time, incident trends, and control coverage.
  
  

Documentation and continuous improvement

• Develop and maintain documentation for incident response processes, custom tooling, detections, and playbooks to ensure repeatability and resilience.
• Drive lessons learned and post-incident reviews that translate into concrete changes in controls, tooling, and processes.
  
  

Who You Are

• Experienced security leader with 8 years in information security, at least 5 years focused on incident response, intrusion analysis, or security operations, and 3 years leading major programs or cross-functional initiatives.
• Demonstrated subject matter expertise in incident response, intrusion analysis, incident handling, malware analysis, or digital forensics, with deep knowledge of attacker techniques and detection strategies.
• Strong background in security operations and forensics, including how to investigate complex incidents across endpoints, networks, cloud services, and identities.
• Proven experience designing and refining incident response procedures and mitigation strategies based on post-incident analysis and lessons learned.
• Practical scripting or coding experience (for example, Python, shell, regular expressions, APIs) to automate analysis, enrich alerts, and integrate tools and data sources, with a genuine interest in enabling automation for others.
• Hands-on Linux systems experience and familiarity with securing applications and data across modern infrastructure stacks.
• Experience operating in cloud environments and working with Infrastructure as a Service platforms such as AWS, GCP, or Azure, including their native security services.
• Comfortable working with technologies such as SIEM, EDR, SOAR, IDS/IPS, and cloud native logging and monitoring.
• Strong communication and stakeholder management skills, including the ability to clearly explain complex technical issues and influence senior leaders toward security-minded decisions.
• High degree of adaptability and comfort with ambiguity, with the ability to prioritise and execute in dynamic, high-pressure situations and tight timelines.
• Demonstrated ability to solve complex problems while collaborating effectively with a globally distributed, tight-knit team.
• Understanding of governance, risk, and compliance frameworks, including ISO 27001, ISO 27701, SOC 2, and PCI DSS, and experience supporting external audits or certification efforts.
  
  

About HUMAN Security

HUMAN was founded in a Brooklyn sci-fi bookstore with a hacker mindset and the lofty mission of making the internet safer by putting humans first. Today, our Human Defense Platform safeguards enterprises from sophisticated bots, fraud, and account abuse, verifying the humanity of more than 20 trillion interactions per week for the world’s biggest brands and internet platforms.

HUMAN is an equal opportunity workplace dedicated to protecting the internet's integrity for everyone. We believe in putting people first, embracing diversity of thought from our global teams, and welcoming all individuals to share their unique experiences as we fight cybercrime together. We support our Humans with a comprehensive total rewards package for personal and professional development, including well-being and learning stipends, flexible work options, and dedicated time off. While our HQ is in NYC, we have teams worldwide.

HUMAN is growing fast, and there’s never been a more meaningful time to join us. If you thrive on solving complex problems and want to help shape the future of cybersecurity, join us as we build a safer, more human internet.

If you are an individual with a disability or special need that requires accommodation, please contact us directly.