Senior Manager, Incident Response

Help us elevate and internalize a world-class incident response program. As Senior Manager, Incident Response, you’ll design, implement, and continuously improve our IR capabilities—owning use case creation and deployment in Microsoft Sentinel, advising senior leaders during investigations, and leading our shift from third-party services to a resilient follow-the-sun model powered by internal talent. If you thrive at the intersection of hands-on engineering, program leadership, and mentorship, we’d love to hear from you.

What You’ll Do

Lead the enterprise Incident Response (IR) program—set strategy, roadmap, and standards aligned to business goals and industry best practices.

Drive the transition from a third-party SIEM / incident service to an internal, follow-the-sun IR operating model.

Own IR process excellence—mature workflows, playbooks, runbooks, and documentation; run regular QA reviews and exercises to identify and close gaps.

Create actionable, threat-informed use cases and detections; collaborate across teams to translate risk and regulatory needs into robust engineering solutions.

Implement, validate, and optimize use cases in our SIEM (Microsoft Sentinel) to ensure accurate real-time detection, triage, analysis, and reporting.

Serve as senior incident advisor and escalation point (“senior 3”) for containment, eradication, and recovery; mentor and coach responders at all levels.

Plan and run tabletop exercises, purple-team style drills, and ongoing responder training in partnership with IT, architecture, and business stakeholders.

Define and report KPIs / KRIs for IR readiness and performance; deliver clear, executive-level insights and recommendations.

Integrate threat intelligence to proactively detect, mitigate, and learn from emerging risks.

What You’ll Bring

Minimum Qualifications

Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).

7+ years in incident response, security operations, or closely related domain, including 2+ years in a senior / lead or advisory capacity.

Deep expertise in SIEM engineering : configuration, tuning, and detection / use-case development (Microsoft Sentinel, Splunk, QRadar, ArcSight, or similar).

Strong knowledge of network protocols; Windows, Linux, and macOS; cloud environments; and endpoint security technologies.

Demonstrated success leading complex technical investigations and coordinating multidisciplinary teams under pressure.

Exceptional written and verbal communication skills; ability to translate complex technical issues for executive and non-technical audiences.

Track record of mentorship, training, and measurable process improvement.

Highly organized with an analytical, risk-based approach to problem solving.

Preferred Qualifications

Advanced degree and / or relevant certifications such as CISSP, GCIH, GCFA, or comparable SANS / GIAC credentials.

Hands-on experience operating a global or follow-the-sun IR model and conducting purple-team exercises.

Familiarity with threat intelligence platforms and automations, SOAR tooling, and metrics frameworks for cyber risk.

Why Join Us?

Shape a modern, globally responsive IR capability at mission-driven scale.

Collaborate across security architecture, IT, and the business to drive meaningful risk reduction.

Enjoy flexible work arrangements within the US and the support of a leadership team that values authenticity, courage, accountability, agility, and a growth mindset.

Grow as a talent magnet—mentor others, build high-functioning teams, and leave a lasting impact on our security culture.

#LI-ML1

About CFA Institute

CFA Institute are the global leader in investment excellence and ethics. With nearly 200,000 charterholders across 160 markets, we drive professional growth, ethical behavior, and better markets. We care about our employees’ well-being, offering industry-leading benefits like :

Comprehensive health coverage for you and your family

Generous leave and time off

Competitive retirement plans

Flexible work options

Wellness, education, and support programs

If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.

Be part of a team committed to putting investors first and growing economies. Follow us @CFAInstitute on and .

We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics : any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities / qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.

If, due to a disability or current medical condition, you need an accommodation or assistance to complete a job application, you can request one at any stage of the recruitment process. Please send an email to noting the accommodations or assistance you are requesting. Please do not include any medical or health information in this email. We will review your request and contact you to discuss the possible options and arrangements. We will try our best to provide you with an accommodation or assistance that meets your needs and respects your preferences.

Our application is not compatible with Internet Explorer (IE). We recommend using Chrome.