Job Title


SOC Lead


Company : Insight Global


Location : Vancouver, British Columbia


Created : 2025-07-23


Job Type : Full Time


Job Description

Required Skills & Experience

Bachelor's degree in cybersecurity, computer science, information technology, or related field.
5+ years of experience in cybersecurity, including at least 3 years in security operations or incident response.
Experience handling major cyber incidents such as ransomware, APT intrusions, or data breaches.
Exceptional organizational skills with the ability to coordinate and drive results.
Exceptional written and verbal communication skills.
Excellent crisis management, decision-making, and leadership under pressure.
Strong knowledge of incident response methodologies, including NIST 800-61, and security frameworks and standards such as ISO 27001, PCI DSS, and NIST.
Strong analytical and troubleshooting abilities to investigate, identify, and resolve security incidents quickly and effectively.
Strong understanding of security concepts and threat categories (such as malware, phishing attacks, Defense-in-Depth, MITRE ATT&CK framework, Cyber Kill Chain, etc.).
Demonstrated experience in computer security-related disciplines such as incident response, host forensics, malware analysis, container security, network traffic analysis, Insider Threat, alert tuning, and trend analysis.
Experience working with security tools such as Azure Sentinel, Splunk, Microsoft Defender Security Suite, firewalls, IDS/IPS, antispam, content management, server and network device hardening, etc.

Nice to Have Skills & Experience

PMP

Job Description

The Cyber Incident Response Commander is responsible for leading the coordination, communication, and strategic management of cybersecurity incidents across the organization. This role will act as the central authority during cyber incidents, guiding the organization through detection, containment, eradication and recovery. The ideal candidate brings deep incident response expertise, leadership, organization, and the ability to operate in a high-pressure, time-sensitive environment.

Lead the end-to-end lifecycle of cyber incidents, including detection, containment, eradication, recovery and post-incident review.
Make containment and eradication decisions based on real-time risk assessment.
Organize and coordinate incident response activities across functional teams and relevant stakeholders.
Oversee forensic investigations, malware analysis, log review, and threat hunting activities.
Communicate incident status and response strategy clearly to executives, legal, compliance, public relations and technology leadership.
Prepare executive-level reports summarizing incident impact, response actions and future mitigations.
Implement lessons learned to harden defenses and reduce response times for future events.
Develop and continuously improve incident response processes such as IR playbooks/plans.
Develop and facilitate tabletop or simulation exercises (e.g., insider threat, ransomware, zero-day exploit) for various audiences within lululemon.
Provide after-hours support as needed and participate in on-call rotation.