Crowe

Incident Response Manager

$110K — $226K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of cybersecurity experience; 3+ years in incident response or related fields.
  • Experience leading complex incident response engagements from detection to recovery.
  • Proven track record in managing project teams and mentoring junior staff.
  • Strong leadership and decision-making skills; risk management experience.
  • Excellent communication skills for both technical and non-technical audiences.
  • Ability to handle multiple concurrent projects with competing priorities.
  • Proficient in networking, operating systems, identity systems, and cloud technologies.

Responsibilities

  • Act as the main client contact during significant cybersecurity incidents.
  • Lead multiple incident response operations for ransomware, data breaches, and advanced threats.
  • Deliver executive-level briefings to high-level stakeholders including CISOs and boards of directors.
  • Oversee forensic investigations, containment, and recovery operations.
  • Review and approve technical reports and client deliverables.
  • Coordinate internal and external resources for successful engagement execution.
  • Develop and maintain incident response methodologies and playbooks.

Benefits

  • Comprehensive total rewards package including career development support.
  • Regular meetings with a Career Coach for personal growth.
  • Inclusive culture that values diversity and individual contributions.

Full Job Description
Job Description: Incident Response Manager

Position Summary
The Incident Response Manager serves as a senior technical leader responsible for managing complex cybersecurity incident response engagements, mentoring and developing incident responders, overseeing engagement delivery, and acting as a trusted advisor to clients during cybersecurity crises. This role combines deep technical expertise with leadership, business development, client relationship management, and operational oversight responsibilities.

Responsibilities
  • Serve as the primary client-facing leader during major cybersecurity incidents.
  • Lead multiple concurrent incident response engagements involving ransomware, data breaches, insider threats, cloud compromises, and advanced threat actor activity.
  • Provide executive-level briefings to CISOs, CIOs, legal counsel, executive leadership, boards of directors, and other stakeholders.
  • Direct forensic investigations, threat hunting activities, containment efforts, eradication plans, and recovery operations.
  • Review and approve technical findings, investigation reports, executive summaries, and client deliverables.
  • Coordinate internal and external resources to ensure successful engagement execution and client outcomes.
  • Ensure investigations meet legal, regulatory, and evidentiary requirements.
  • Develop and maintain incident response methodologies, playbooks, procedures, and service offerings.
  • Lead and mentor Incident Response consultants and senior staff through coaching, technical guidance, and performance feedback.
  • Assist with recruiting, onboarding, and professional development of team members.
  • Support business development efforts through proposal development, scoping, client presentations, and strategic discussions.
  • Identify opportunities to expand client relationships and deliver additional cybersecurity services.
  • Contribute to thought leadership through whitepapers, webinars, conference presentations, and market-facing content.

Requirements
  • 7+ years of cybersecurity experience with at least 3 years focused on incident response, digital forensics, threat hunting, or cyber defense operations.
  • Demonstrated experience leading complex incident response engagements from initial detection through recovery.
  • Experience managing project teams, mentoring technical staff, and coordinating cross-functional stakeholders.
  • Strong leadership, decision-making, and risk management capabilities.
  • Excellent communication skills with the ability to present technical findings to executive and non-technical audiences.
  • Ability to manage competing priorities and multiple concurrent engagements.
  • Strong understanding of networking, operating systems, identity systems, cloud technologies, and cybersecurity principles.
  • Experience utilizing SIEM platforms such as Splunk, Elastic, Microsoft Sentinel, or FortiSIEM.
  • Experience utilizing EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, or Carbon Black.
  • Proficiency with scripting and automation using PowerShell, Python, Bash, or similar technologies.
  • Strong documentation and report-writing capabilities.
  • Willingness to travel approximately 15% or more as required.

Preferred Qualifications
  • Expert knowledge of Windows, Linux, Active Directory, Microsoft Entra ID, Microsoft 365, AWS, Azure, and Google Cloud environments.
  • Advanced understanding of attacker tactics, techniques, and procedures (MITRE ATT&CK).
  • Experience leading enterprise-scale ransomware investigations and recovery efforts.
  • Experience coordinating legal counsel, cyber insurance carriers, law enforcement, and third-party stakeholders during incidents.
  • Experience developing incident response programs, tabletop exercises, and cyber resilience strategies.
  • Experience managing consulting engagements and project financials.
  • Experience building and managing cybersecurity teams.
  • Relevant certifications such as GCFA, GCIH, GCED, GREM, GCTD, CISSP, CCSP, CISM, AWS Security Specialty, or Azure Security Engineer Associate.

The application deadline for this role is 09/30/2026.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Crowe, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $110,800.00 - $226,400.00 per year.

Our Benefits:
Your exceptional people experience starts here. At Crowe, we know that great people are what makes a great firm. We care about our people and offer employees a comprehensive total rewards package.

How You Can Grow:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach, who will guide you in your career goals and aspirations. Learn more about where talent can prosper!

About Crowe

Crowe is a public accounting, consulting, and technology firm with offices around the world. The firm provides audit, tax, advisory, risk, and performance services to public and private companies and organizations in a variety of industries. Crowe was founded in 1942 and is headquartered in Chicago, Illinois.
Size: 4,500 employees
Founded: 1942
