Incident Response Manager
Orbia Advance Corporation is a Purpose-led company with big aspirations. We are out to advance life around the world while maximizing value to our shareholders, customers and employees. The Company is passionate about the topics that define how people will live and thrive tomorrow: the future of cities, buildings, agriculture, and materials. Orbia Advance Corporation has five business groups which offer innovative solutions across multiple industries including building and infrastructure, data communications, chemicals and more. In 2018, Orbia Advance Corporation bought a majority stake in Israeli-based Netafim, the world’s leader in drip irrigation, and is helping the world ‘grow more with less’ as it helps to solve food and water scarcity. Orbia Advance Corporation has operations in 41 countries with more than 22,000 employees.
We started as a producer of commodities and have evolved to become a provider of innovative solutions that address the global issues of rapid urbanization, water and food scarcity, and a growing and aging population. We’re already a global leader in Polymers, Fluor, Building & Infrastructure, Datacom, and Precision Irrigation. We have embarked on a CEO-led transformation, as part of our journey to become a truly purpose-led, future fit company.
Staff Incident Response Analyst
Global Functions is looking for a Staff Incident Response Analyst to be based in Costa Rica!
Purpose
The Staff Incident Response Analyst is a staff-level individual contributor within Orbia's Cyber Incident Response Team (CIRT), responsible for shaping how the organization prepares for, investigates, contains, and recovers from cybersecurity incidents at global scale. This role leads the most complex and high-impact incident response efforts while also building the systems, playbooks, automation, metrics, and readiness frameworks that improve the effectiveness of the broader incident response function.
Main Responsibilities
- Lead Orbia's most complex and high-impact security incidents, serving as a senior technical escalation point and coordinating response activity across internal teams, service providers, and business stakeholders.
- Design, maintain, and continuously improve incident response playbooks, runbooks, decision trees, and escalation procedures for the most critical incident types.
- Build and mature incident response automation and orchestration capabilities, including evidence collection workflows, enrichment pipelines, repeatable containment patterns, and case-management efficiency improvements.
- Design and lead cross-organizational incident readiness activities, including technical tabletop exercises, pre-staged response kits, crisis-response technical preparation, and business-unit escalation readiness.
- Drive proactive threat hunting and technical validation of detection and control coverage against emerging threats, using threat intelligence, incident learnings, behavioral analytics, and data from across Orbia's detection stack.
- Shape the incident response tooling strategy by evaluating integrations, identifying capability gaps, and partnering with engineering teams and vendors to improve the response toolset.
- Define, track, and report incident response operational metrics such as time to detect, time to contain, time to recover, case quality, and exercise outcomes, using the results to prioritize process and tooling improvements.
- Partner with Legal and Compliance, Security Architecture and Engineering, Cyber Threat Operations, and IT leaders to ensure evidence handling, forensic support, response coordination, and remediation execution are aligned during active incidents.
- Lead post-incident reviews and root-cause analysis for major incidents, translating findings into improvements in detection logic, response procedures, security controls, and operational resilience.
Knowledge/Experience Required
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field, or equivalent hands-on experience
- Desirable: Master's degree in Cybersecurity, Computer Science, Engineering, or Business
- English: Fluent, written and verbal
- 8 to 12 years of experience in one or more of the following areas: incident response, digital forensics, security operations, cyber threat hunting, cyber threat intelligence, or cyber defense engineering
- Demonstrated experience leading complex, high-severity incidents and serving as a senior escalation point for technically difficult or business-impacting cases
- Strong experience building or maturing incident response capabilities beyond case handling alone, including playbooks, automation, tooling integration, readiness exercises, or metrics programs
- Deep technical experience with the incident management lifecycle, containment strategy, evidence handling, forensic support, and post-incident root-cause analysis
- Strong working knowledge of enterprise security platforms such as SIEM, EDR/XDR, SOAR, email security, DNS security, identity telemetry, network security tooling, and forensic collection or analysis tools
- Strong knowledge of threat actor tactics, techniques, and procedures, including use of frameworks such as MITRE ATT&CK and incident response models such as NIST SP 800-61
- Hands-on capability with scripting or automation in Python, PowerShell, or similar languages to improve response workflows and reduce repetitive work
- Experience influencing IT, security engineering, legal, compliance, and business stakeholders in a matrixed enterprise environment without formal authority
Behaviors that can help you succeed at Orbia:
- Develop yourself & Others
- Foster Collaboration & Inclusion
- Drive Results
- Provide Vision & Direction
Our Global brands: Dura-Line, Koura Global, Vestolit, Netafim, Alphagary, Wavin.
They offer a broad range of value-added solutions and finished products that contribute to customers’ success and ultimately improve the quality of life for people around the world. Along with its commitment to good citizenship, Orbia Advance Corporation delivers Total Value to customers, employees and investors worldwide, every day.
SJ, CR