SecurityHQ · 1 week ago
Lead Incident Responder (L3) – Managed Detection & Response
SecurityHQ is a global cybersecurity company seeking an experienced Lead Incident Responder (L3) to act as the technical authority within their Managed Detection and Response (MDR) practice. The role involves leading incident responses, shaping detection capabilities, and advising clients on security posture improvements.
Information Services · Information Technology
Responsibilities
Act as the final escalation point and technical authority for high-severity security incidents
Lead and coordinate incident bridges and war rooms during active breaches
Drive long-term improvements in incident response playbooks, workflows, and tooling
Engage directly with CISOs, CTOs, and senior client stakeholders, delivering clear, risk-based guidance and remediation strategies
Champion a “front-foot” incident response mindset, ensuring rapid activation and decisive action during critical events
Conduct hypothesis-driven threat hunting across diverse client environments
Perform deep Digital Forensics & Incident Response (DFIR) investigations and produce high-quality technical reports
Participate in Red Team and Purple Team exercises, identifying gaps in detection and response
Conduct gap analysis to strengthen detection logic and SOC effectiveness
Take ownership of client security posture improvement, ensuring measurable progress over time
Identify environmental risks and deliver actionable, prioritised recommendations
Ensure onboarding and environments align with NCSC guidelines, including correct log ingestion and visibility
Act as a trusted advisor to clients throughout their security maturity journey
Drive detection engineering initiatives, creating and automating custom use cases
Contribute to the evolution of our MSSP practice through new methodologies, workflows, and tooling
Help shape the future of our MDR and Incident Response services
Lead technical workshops and tabletop exercises (TTXs) for client teams
Manage investigation deliverables, timelines, and stakeholder communications
Maintain a high standard of client experience, clarity, and follow-through
Qualifications
Required
5–7+ years in Cybersecurity, with at least 5 years in Incident Response or SOC operations
Strong background in MSSP / MDR environments
Expert knowledge of EDR/XDR, SIEM platforms (Sentinel, Datadog, QRadar, Splunk)
Cloud security experience across AWS, Azure, or GCP
Hands-on experience with network forensics and DFIR tooling (e.g. Velociraptor)
Proven ability to lead incident war rooms and security incident bridges
Exceptional communication skills — able to translate technical findings into executive-level risk language
Preferred
GIAC certifications (GCIH, GCFA, GCFE, GREM)
Cloud security certifications (AZ-500, AWS Certified Security)
CISSP or CISM
Company
SecurityHQ
SecurityHQ is a global MSSP that monitors client networks 24/7 to provide visibility of, and protection against, cyber threats.
Funding
Current Stage: Late Stage
Total Funding: unknown
Key Investors: Growth Capital Partners (Private Equity, 2026-01-06)
Recent News
2026-01-06
Company data provided by Crunchbase