
Incident Response Manager in Atlanta, Georgia at Fortuna Cysec Inc

Fortuna Cysec Inc
Atlanta, Georgia, 30339, United States

Job Description

Description:

Company Overview

Fortuna Cysec delivers unified cybersecurity operations through TheFense platform—our integrated MDR, SIEM, EDR, and response ecosystem designed for regulated industries, nonprofits, healthcare, education, and mission-driven organizations. Our global SOC/NOC operates 24×7×365, providing real-time visibility, rapid containment, and deep technical expertise across diverse customer environments.

We are expanding our Incident Response leadership team with a hands-on technical manager who thrives in fast-moving investigations and can guide customers through their most critical security events.

Role Summary

The Cybersecurity Incident Response Manager leads and directly participates in high-severity investigations across Fortuna Cysec’s customer base. This role blends technical depth, operational leadership, and customer-facing communication. You will serve as the senior escalation point for complex incidents, drive containment and remediation, and strengthen TheFense platform’s detection and response capabilities.

Requirements:

Lead and Execute Incident Response

· Command all phases of incident response—triage, investigation, containment, eradication, and recovery—while performing hands-on technical analysis.

· Analyze EDR telemetry, SIEM alerts, network logs, cloud audit logs, and identity events across Microsoft, AWS, and hybrid environments.

· Execute containment actions including endpoint isolation, identity disablement, MFA resets, OAuth token revocation, and firewall/network segmentation changes.

· Conduct forensic acquisition and analysis using Velociraptor, KAPE, FTK, EnCase, and Volatility.

· Reverse-engineer or sandbox suspicious binaries/scripts to determine behavior and impact.

· Lead hypothesis-driven threat hunts mapped to MITRE ATT&CK using TheFense’s unified telemetry.

Strengthen IR Operations

· Oversee daily IR operations across global SOC/NOC teams, ensuring SLA adherence and seamless follow-the-sun handoffs.

· Review and enhance IR playbooks, runbooks, and automated response actions within TheFense.

· Ensure high-quality incident documentation, evidence handling, and customer-ready reporting.

· Conduct root-cause analysis and deliver technically detailed post-incident reviews.

· Partner with engineering to refine detection logic, reduce false positives, and improve automation.

Engage Directly with Customers

· Serve as the technical authority during active breaches, guiding CISOs, IT directors, and executive stakeholders.

· Deliver clear, concise briefings that include attack path analysis, forensic findings, and prioritized remediation steps.

· Support customer teams with hands-on remediation across identity, cloud, endpoint, and email ecosystems.

· Provide strategic recommendations aligned with NIST, CIS Controls, and Fortuna Cysec best practices.

Advance Threat Intelligence and Detection

· Translate emerging threat intelligence into new detection rules, response playbooks, and threat-hunting queries.

· Validate detection logic through lab testing, simulated attacks, and historical telemetry review.

· Identify detection gaps and collaborate with TI teams to enrich investigations with IOCs and adversary behavior patterns.

Build Team and Platform Maturity

· Mentor analysts across global SOC/NOC teams in IR, forensics, cloud investigations, and threat hunting.

· Develop internal tooling and automation using Python or PowerShell.

· Participate in tabletop exercises, purple-team engagements, and breach simulations.

· Contribute to the evolution of TheFense platform by evaluating new telemetry sources and response capabilities.

Required Qualifications

  • 5–10+ years of hands-on experience in incident response, threat hunting, SOC operations, or digital forensics.
  • Deep technical expertise with EDR platforms (Microsoft Defender, SentinelOne, CrowdStrike, Carbon Black).
  • Strong SIEM experience with log parsing, correlation, and custom detection creation (Wazuh, Microsoft Sentinel, Elastic, Splunk).
  • Strong experience with Windows Server, Office 365, and Microsoft Entra ID / Intune.
  • Hands-on experience with cloud IR in Azure, AWS, and hybrid environments.
  • Proficiency with forensic tools (Velociraptor, KAPE, FTK, EnCase) and memory analysis frameworks (Volatility).
  • Strong understanding of identity security (Entra ID, Okta), email security (M365, Proofpoint), and SaaS compromise patterns.
  • Familiarity with MITRE ATT&CK, NIST 800-61, CIS Controls, ISO 27035.
  • Ability to communicate complex technical findings to both technical and executive audiences.
  • Relevant certifications: GCIA, GCFA, GCIH, GNFA, CISSP, or equivalent experience.

Preferred Qualifications

  • Experience in an MDR, MSSP, or IR consulting environment.
  • Scripting/automation skills in Python or PowerShell.
  • Experience with malware analysis, cloud forensics, or identity compromise investigations.
  • Experience supporting regulated industries (HIPAA, FERPA, PCI-DSS, SOX, CJIS) and mission-driven organizations.

Fortuna Cysec is an equal opportunity employer. We consider all qualified applicants for employment without regard to race, color, religion, creed, national origin, sex, pregnancy, age, sexual orientation, transgender status, gender identity, disability, alienage or citizenship status, marital status or partnership status, genetic information, veteran status or any other characteristic protected under applicable law.

