Senior Cyber Incident Response Lead

Sony Pictures

$160K — $200K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12 Years of experience leading enterprise cyber incident response investigations and digital forensic analysis.
  • Experience developing and maturing enterprise Incident Response programs, playbooks, and operational processes.
  • Demonstrated technical leadership with the ability to influence cross-functional teams and managed security service providers.
  • Strong experience with SIEM, SOAR, and Endpoint Detection and Response (EDR/XDR) platforms.
  • Deep knowledge of Digital Forensics and Incident Response (DFIR), MITRE ATT&CK, NIST Cybersecurity Framework, and incident response best practices.
  • Experience with threat hunting, detection engineering, and security monitoring optimization.
  • Excellent written and verbal communication skills for diverse technical and executive audiences.

Responsibilities

  • Own and continuously mature the Cyber Incident Response program and governance.
  • Lead investigations into various cyber threats like malware, ransomware, and data breaches.
  • Oversee incident containment, eradication, recovery, and conduct post-incident reviews for improvement.
  • Conduct advanced digital forensic investigations to assess and analyze the impact of incidents.
  • Collaborate with SOC and engineering teams to enhance detection and response capabilities.
  • Develop and execute the SOAR strategy to optimize incident response efficiently.
  • Report on program effectiveness and develop KPIs to communicate strategic progress to leadership.

Benefits

  • Comprehensive benefits package
  • Annual incentive eligibility
  • Opportunity for professional development and growth
  • Exposure to advanced technologies and real-world challenges
  • Collaborative work environment with cross-functional teams
Full Job Description
The Senior Cyber Incident Response Lead provides strategic leadership and technical expertise for Sony Pictures' Cyber Incident Response program. This role leads the enterprise response to cybersecurity incidents while driving the maturity of incident response, digital forensics, security operations, detection engineering, and security automation.

As the senior technical authority for Incident Response, this position partners with the Security Operations Center (SOC), Threat Intelligence, Security Engineering, Infrastructure, Application teams, and managed security service providers to investigate, contain, eradicate, and recover from cyber incidents. The role also owns the Incident Response roadmap, SOAR strategy, operational metrics, and continuous improvement initiatives that strengthen Sony Pictures' cyber resilience. The position provides technical leadership and strategic guidance to internal teams and managed service partners without direct people management responsibilities.

Responsibilities
  • Own and continuously mature the enterprise Cyber Incident Response program, including response plans, playbooks, governance, on-call processes, and operational standards aligned with NIST CSF, NIST 800-61, and MITRE ATT&CK.
  • Serve as the senior technical authority for enterprise incident response, leading investigations involving malware, ransomware, phishing, insider threats, cloud compromises, data breaches, and other advanced cyber threats.
  • Lead incident containment, eradication, recovery, and post-incident activities, ensuring effective remediation and continuous improvement through lessons learned.
  • Conduct advanced digital forensic investigations across endpoints, servers, cloud platforms, SaaS environments, identity systems, and enterprise infrastructure to determine root cause, scope, and business impact.
  • Partner with the SOC, Threat Intelligence, Detection Engineering, and Security Engineering teams to improve detection coverage, investigation quality, and overall response effectiveness.
  • Define and execute the enterprise SOAR strategy by designing and optimizing automation workflows and playbooks that improve operational efficiency and accelerate incident response.
  • Provide strategic oversight and technical leadership for managed security service providers and outsourced SOC operations, ensuring alignment with organizational priorities and operational objectives.
  • Drive continuous improvement of Security Operations through automation, AI, process optimization, operational metrics, and maturity initiatives.
  • Develop and maintain Incident Response KPIs, executive dashboards, and operational reporting that communicate program effectiveness, cyber risk, and strategic progress.
  • Produce executive briefings, incident reports, and technical assessments for senior leadership and key stakeholders.
  • Serve as the primary technical liaison during significant cybersecurity incidents with executive leadership, Legal, Privacy, HR, business stakeholders, third-party partners, and external agencies.
  • Monitor the evolving threat landscape and collaborate across security, infrastructure, cloud, identity, and application teams to strengthen enterprise detection, response, and resilience.


Qualifications

Required
  • 12 Years of experience leading enterprise cyber incident response investigations and digital forensic analysis.
  • Experience developing and maturing enterprise Incident Response programs, playbooks, and operational processes.
  • Demonstrated technical leadership with the ability to influence cross-functional teams and managed security service providers.
  • Strong experience with SIEM, SOAR, and Endpoint Detection and Response (EDR/XDR) platforms.
  • Deep knowledge of Digital Forensics and Incident Response (DFIR), MITRE ATT&CK, NIST Cybersecurity Framework, and incident response best practices.
  • Experience with threat hunting, detection engineering, and security monitoring optimization.
  • Experience developing security operations metrics, executive dashboards, and reporting for senior leadership.
  • Experience with scripting and automation using Python, PowerShell, APIs, or similar technologies.
  • Excellent written and verbal communication skills with the ability to communicate effectively across technical and executive audiences.

Preferred
  • CISSP, GCFA, GCIH, GNFA, GCFE, or equivalent certifications.
  • Experience responding to security incidents in AWS, Azure, or Google Cloud Platform.
  • Experience supporting global enterprise Security Operations Centers.
  • Experience implementing automation and orchestration to improve Security Operations efficiency and response times.


The anticipated base salary for this position is $160,000-$200,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.

Similar Jobs

More Jobs at Sony Pictures

More Information Technology Jobs

Find similar Senior Cyber Incident Response Lead jobs: