Cybersecurity Lead

Position Overview

• Role: Cybersecurity Lead
• Location: San Jose, CA (Hybrid)
• Type: Full-Time

Company Overview

Incedo is a US-based consulting, data science, and technology services firm with over 4000 professionals across the US, Mexico, and India. We empower clients to achieve competitive advantage through end-to-end digital transformation, leveraging strong engineering, data science, and design capabilities combined with deep domain expertise.

Role Overview:

The Cybersecurity Lead is a hands-on technical leader responsible for integrating offensive and defensive security operations to continuously improve the company’s resilience against cyber threats. This role will lead the Blue Team in managing and enhancing security monitoring, detection pipelines, and incident response processes, while also orchestrating Red Team simulations to assess and refine the company’s defensive capabilities. Reporting to the Director of Cybersecurity, this leader will bridge strategy and execution, focusing on emulating adversaries, strengthening controls, and transforming findings into actionable defense improvements.

Key Responsibilities:

Blue Team Operations and Tool Management

• Lead and oversee the management, configuration, and tuning of security detection and response platforms (SIEM, EDR/XDR, SOAR, IDS/IPS, NDR, TIPs).
• Ensure integrated, end-to-end visibility across endpoints, cloud, and production systems.
• Define standards for log collection, parsing, and correlation to improve alert accuracy.
• Drive continuous tuning of detection rules based on MITRE ATT&CK and emerging threats.
• Collaborate with IT and Engineering for security telemetry integration in cloud and CI/CD environments.
• Oversee threat hunting, alert triage, and incident response playbook execution.
• Partner with DevOps and infrastructure teams to embed security monitoring in hybrid environments.

Red Team and Offensive Security

• Design and conduct controlled adversary emulation exercises to test detection and response.
• Execute attack chains (phishing, privilege escalation, persistence, lateral movement) using real-world TTPs.
• Develop and maintain custom adversary scripts and payloads.
• Provide detailed post-exercise reports with actionable defensive recommendations.
• Collaborate with Blue Team to operationalize detections based on Red Team findings.

Incident Response and Continuous Improvement

• Lead or co-lead major incident response efforts.
• Build and maintain detailed incident response runbooks.
• Conduct root cause analysis and lead retrospectives for measurable improvements.
• Integrate threat intelligence and forensic insights into detection content and playbooks.
• Plan and execute adversarial simulations to validate readiness.
• Develop the roadmap for continuous improvement of detection, response automation, and control validation.
• Serve as a technical escalation point for complex investigations.
• Translate technical results into executive-level insights demonstrating risk reduction.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 8+ years of cybersecurity experience, with proven leadership in Blue, Red, or Purple Team operations.
• Demonstrated ownership of enterprise security detection tools (SIEM, EDR/XDR, SOAR, threat intel platforms).
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, and threat emulation frameworks.
• Deep technical expertise in one or more of: endpoint/network forensics, cloud security monitoring (AWS, Azure, GCP), scripting/automation (Python, PowerShell, Bash), or security engineering.
• Proven ability to lead incident response and purple team exercises.
• Certifications like OSCP, GCFA, GCIH, GPEN, GXPN, or GCTI are highly desirable.
• Strong communication and leadership skills.

Preferred Experience:

• Enterprise or production-scale environments (SaaS, networking, hybrid cloud).
• Familiarity with DevSecOps, CI/CD security, and cloud-native monitoring.
• Experience mentoring Blue Team analysts and managing tool lifecycles.
• Exposure to purple team automation frameworks (AttackIQ, Caldera, Scythe).

AI Use Guidelines for Interviews:

AI or recording tools are not permitted during live interviews unless explicitly invited or approved. Inappropriate use may impact your application.