
Incident Response Lead
4 days ago
At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day.
And we need people like you to make it happen.
We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet.
The Incident Response (IR) Lead leads a 24/7 virtual team that monitors and responds to ISIRT major incidents. This role requires management of Incident Response activities and team communication with SOC analysts, SMEs and other IT technical personnel. This role is also required to work closely with stakeholders and cybersecurity’s leadership team. Additionally, the Incident Response Lead will ensure staff members prioritize their work related to suspected and confirmed incidents, which may vary in severity and impact. The Incident Response Lead will direct analysts to investigate, validate, remediate and communicate known details about the incident and is a point of contact for escalation.
Due to coverage requirements, this is a permanent position based in a country within the Asia time zone.
What you will do
Role and responsibilities:
The Incident Response Lead will analyze and organize to help the team rank complex work. As a central figure, the Incident Response Lead brings order to a fast-paced, constantly evolving operation. The Incident Response Lead enforces the policies, playbooks and methodologies that have been adopted for the best course of action.
Personal, organizational, communication and analytical skills are vital, as well as the ability to communicate effectively with cybersecurity leadership. This role requires technical aptitude, and managers are also expected to be adept at working well with people who will be under stress and subject to burnout.
Key Responsibilities:
• Manage a team of incident responders for ISIRT response and interact with cybersecurity leadership and business stakeholders.
• Coordinate and ensure ISIRT incidents are prioritized at all hours of the day.
• Implement a cross-functional team of analysts working closely with cybersecurity, IT and developers.
• Serve as a point of escalation and incident commander.
• Review ISIRT incidents that may be related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third parties and data leakage.
• Ensure the ISIRT response team is following processes embraced by leadership and adhering to best practices.
• Measure and give feedback to the team to improve mean time to respond, key performance indicators (KPIs) and service-level objectives.
• Proactively adjust to upcoming company changes affecting the operation to modify ISIRT response processes.
• Possess advanced knowledge of attackers’ methods of escalation; lateral movement; and tactics, techniques and procedures.
• Present incident analysis and trend reporting to leadership, highlighting KPIs.
• Review events and process effectiveness and make recommendations for change to leadership.
• Require participation in ISIRT tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
• Oversee IR playbooks, policies, procedures and guidelines to ensure they align with industry best practices.
• Collaborate with infrastructure, IT, vulnerability, threat intelligence and application security leads.
• Participate in monitoring internal and external events and stay tightly aligned with infrastructure and third-party, hosted, on-premises and end-user systems.
• Review and communicate ISIRT incident details from initial investigation through root cause analysis and post-mortem.
• Maintain operational rigor and recognize when team members need time away to refocus and refresh.
• Identify strengths and weaknesses in ISIRT team members and provide training to improve skills and knowledge.
• Remain current with emerging threats and share knowledge with colleagues to improve incident response.
• Perform other duties as assigned.
Strong organizational and team management skills are required to excel in this role, as well as previous experience in security administration, IR and security operations center (SOC) roles.
- Seven-plus years’ experience in security administration and SOC, with three-plus years’ security IR.
- Demonstrated experience leading people both in person and remotely distributed.
- Self-aware and capable of remaining calm under intense pressure.
- Strong written and oral communication skills across varying levels of the organization.
- Excellent judgment and the ability to make quick decisions when working with complex situations.
- Organized, with the ability to prioritize and respond within defined SLAs and maintain composure.
- Understanding of threats and vulnerabilities, as well as principles of ISIRT incident response and chain of custody.
- Knowledge of multiple solutions such as security orchestration, automation and response; SIEM; threat intelligence platform; directory services; malware sandboxes; vulnerability management; MITRE ATT&CK; IR playbooks; and endpoint/extended detection and response.
- General familiarity with one or more of the following, but not limited to: NIST, ISO 27001, NIS 2, CRA.
- Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
- High degree of integrity, trustworthiness, professionalism and character.
Education Requirements:
- Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field.
- Certification in CRISC, CISSP, CISA, CISM will be a plus.
We Offer You
- A variety of exciting challenges with ample opportunities for development and training in a truly global landscape
- A culture that pioneers a spirit of innovation where our industry experts drive visible results
- An equal opportunity employment experience that values diversity and inclusion
- Market competitive compensation and benefits with flexible working arrangements
Apply Now
If you are inspired to be part of our promise to protect what’s good; for food, people, and the planet, apply through our careers page at .
If you have any questions about your application, please contact Ephraim Kwa .
Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide.