United States onlyAt Arctic Wolf, we're not just navigating the cybersecurity landscape - we're redefining it. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. Our impact speaks for itself: we've earned recognition on the Forbes Cloud 100, CNBC Disruptor 50, Fortune Future 50, and Fortune Cyber 60 lists, and we recently took home the 2024 CRN Products of the Year award. We’re proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earning a Customers' Choice distinction from Gartner Peer Insights. Our Aurora Platform also received CRN’s Products of the Year award in the inaugural Security Operations Platform category. Join a company that’s not only leading, but also shaping, the future of security operations.
Our mission is simple: End Cyber Risk. We’re looking for a Incident Response Engagement Manager to be part of making this happen.
Position Overview and Objective
The Incident Response (IR) Engagement Manager is the Client, Counsel, and Partner(s)’s main point of contact throughout the engagement. They are responsible for the overall quality of each IR engagement.
Primary Responsibilities and Duties
Be the primary person scoping out new engagements for various types of engagements including but not limited to pre-ransomware, ransomware, network intrusion, website compromise, malware infection, business email compromise, insider threat and similar type incidents
Generate and, when necessary, revise IR Statement of Work (SOW), BAA, Service Agreement (SA), Attestation letter, insurance carrier form(s) and similar type documents
Lead assigned incident response engagements through the whole case lifecycle and be responsible for Client, Carrier, Counsel, and Partner(s) satisfaction and delivering of high quality work product.
Manage budgets on all cases, and provide SOW amendments along with reasons the amendment is needed to Client/Carrier/Counsel before we go over budget. Follow up with Client/Carrier/Counsel to make sure they understand why the amendment is needed and they remain satisfied with our work.
Work with Incident Response team managers to assign the correct team members to each case to meet the Client’s needs and balance utilization across the team.
Regularly view individual time entries to assigned cases to ensure proper entries are being made
Ensure cases are properly staffed through nights, weekends, holidays and personal time off.
Provide, or have another IR team member provide, daily updates to Client/Counsel surrounding the current status of all workstreams on the case, via email and phone call (if necessary)
Communicate regularly with technical and non-technical executives from Client/Counsel/Carrier/AW Partners, and smooth over any issues/concerns that may arise from any of those parties
Lead (with team collaboration) the creation and execution of the overall incident response plan for containment, evidence preservation, root cause analysis, remediation, restoration, data compromise investigation and threat actor communications.
Collaborate with internal AW teams and patterns to ensure we transition IR clients to long term MDR services.
Participate in weekday EM office hours
Participate in weekday EM escalation on call schedule
Participate in weekend EM on call schedule
Participate in holiday EM on call schedule
Participate in IRJS IR Planner reviews
Participate in Client tabletop exercises
Ensure timing of goals for milestones on each case are met to the best of our ability:
Statement of Work delivered (within 30 minutes of scoping call)
IR Kick-Off Email Sent (within 30 minutes of signed SOW)
Containment has begun (within 2 hours of signed SOW – may require full network quarantine)
Root cause identification (within 24 hours of engagement, or as soon as possible)
Remediation of root cause and persistence (within 36 hours after start of engagement)
Critical systems restored (goal of 5 days)
Data compromise investigation findings delivered (10 days or less)
Final findings delivered (within 30 days or less)
Internal data tracking verified, and any necessary carrier reports are completed (throughout the engagement, but within 30 days or less)
MDR sales introduction (within 30 days or less)
Offboarded Completely (within 60 days)
Data return deletion (within 60 days)
Key Skills
Critical thinking and troubleshooting skills
Attention to detail
Organizational skills
Project management skills
Ability to multi-task on more than one case at a time
Verbal and written communication skills
Time-management skills
Documentation skills
Crisis communication skills (i.e. - deescalating)
Ability to anticipate Client needs and questions before they come up
Ability to lead and manage a diverse team of technical experts on multiple cases at a time
Stress management skills
Minimum Qualifications
6 months to 2 years of project and/or case management, technical customer service or similar type of experience
General knowledge of the Cyber Incident Response Lifecycle
Preferred Qualifications
Associate, Bachelors, or Masters Degree in Cybersecurity, Information Technologies, Incident Management, Project Management or similar
Former professional experience serving in a Client-facing role with a willingness and ability to provide a high-level of customer service in time sensitive situations, while maintaining quality standards
Experience with various operating systems, such as Windows, Linux, and Mac OS, and associated common digital artifacts
General knowledge of cyber-attack types and vectors
General knowledge of cybersecurity and cyberattack trends
Demonstrated history of being relied upon to take ownership over tasks, initiatives, and strategies, and provide communication to appropriate parties under tight timelines
Environment and Physical Demands
Must be able to be on calls with Clients for a long period of time, when needed
Mostly remote work; must have quiet environment free of distractions
Work is primarily sedentary in nature and can be executed sitting or standing positions in an office environment.
Requires ability to utilize technology related to using a keyboard, verbal communication, and work with device screens which require visual acuity.
If located in a company office, it often requires mobility to physically navigate the space
May include moving or lifting 25 pounds or less (e.g., office chair, reams of paper).
In the event of business travel, mobility sufficient to utilize public and private transport and navigate to essential locations
Travel Requirements
Minimal – 5-10% for occasional team meetups, conferences or speaking events
At Arctic Wolf, we foster a collaborative and inclusive work environment that thrives on diversity of thought, background, and culture. This is reflected in our multiple awards, including Top Workplace USA (2021-2024), Best Places to Work – USA (2021-2024), Great Place to Work – Canada (2021-2024), Great Place to Work – UK (2024), and Kununu Top Company – Germany (2024). Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction, with over 7,000 customers worldwide and more than 2,000 channel partners globally. As we continue to expand globally and enhance our technology, Arctic Wolf remains the most trusted name in the industry.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.
We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
All wolves receive compelling compensation and benefits packages, including:
Equity for all employees
Flexible time off and paid volunteer days
RRSP and 401k match
Training and career development programs
Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services
Robust Employee Assistance Program (EAP) with mental health services
Fertility support and paid parental leave
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing [email protected].
Security Requirements
Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
Background checks are required for this position.
This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.
Canada only
Australia only
Germany only
