One Source Communications, LLC

Cyber Incident Response Manager

Job Locations: US
ID: 2025-1744
Category: Managed Security Service
Type: Regular Full-Time

Overview

The Incident Response Manager is a hands-on leader responsible for managing One Source Communications’ incident response program. This role combines team leadership with technical expertise—ensuring timely detection, investigation, and resolution of security incidents while coaching and developing the incident response team. The Incident Response Manager will own KPIs related to team performance, incident handling efficiency, and customer satisfaction, while actively participating in incident investigations and response activities with customers. 

Responsibilities

Team Leadership & Operations 

  • Recruit, onboard, and manage the performance of IR Engineers (FTEs and contractors).
  • Provide coaching, career development, and performance feedback to ensure a high-performing team culture.
  • Actively participate in incident detection, triage, investigation, containment, and remediation.
  • Develop and maintain IR playbooks, escalation procedures, and runbooks for consistency and efficiency.

 

Partner & Opportunity Management 

  • Oversee and manage the external partnership opportunity queue—providing customer feedback, assigning engineers, tracking engagements, and forecasting resource needs.
  • Perform light-to-moderate discovery for external partnership engagements, partnering with Sales Solutioning and internal teams to shape strategies for larger expansion opportunities.
  • Collaborate with RevOps and CRO to identify expansion opportunities tied to IR engagements (MSSP, MSP, Advisory services).

 

Reporting & Business Performance 

  • Deliver monthly and ad hoc reports to the Director and Executive Team, including:
      • Total OS hours dedicated to IR customers (billable and non-billable).
      • Monthly billable revenue and YTD revenue.
      • Opportunity pipeline, bandwidth forecasts, and surge resource requirements.
      • Closed/Lost opportunity reporting with historical insights.
  • Provide 6-month forward-looking resource and bandwidth forecasting to support team health and growth planning.
  • Share customer insights with leadership regarding large opportunities requiring additional resourcing (contractors or FTEs).

 

Continuous Improvement & Compliance 

  • Lead post-incident reviews, documenting lessons learned and driving process improvements.
  • Align IR processes with regulatory, compliance, and customer requirements.
  • Analyze incident and revenue trends to proactively identify areas for operational improvement.

Qualifications

  • 5+ years of experience in incident response, SOC operations, or cybersecurity roles.
  • 2+ years of experience in a leadership or people management role.
  • Hands-on technical expertise with SIEM tools, EDR solutions, and security monitoring platforms.
  • Strong understanding of threat vectors, attack methodologies, and incident response frameworks (NIST, SANS, etc.).
  • Excellent communication and leadership skills; able to translate technical issues into business impacts.
  • Relevant certifications a plus (e.g., GCIH, GCIA, CISSP, CISM, or similar).
  • Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent work experience).
