Security IR Manager

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

Role Overview

We are seeking an experienced Incident Response leader to own and lead the company’s response to large-scale, high-impact cyber incidents. This role is responsible not only for technical response, but for cross-company crisis coordination, executive decision support, and ensuring fast, controlled mitigation across engineering, product, legal, communications, and leadership teams.

This is a leadership role for someone who has personally led complex incidents under pressure — including situations involving material business risk, customer impact, regulatory exposure, and executive visibility.

Key Responsibilities

Incident Leadership & Crisis Management

Serve as the Incident Commander for high-severity cyber incidents, including breaches, supply-chain attacks, insider threats, and platform-wide security events.

Lead company-wide incident response efforts, coordinating technical, operational, legal, communications, and executive stakeholders.

Stand up and orchestrate crisis management teams during major incidents, ensuring clear ownership, decision-making, and execution under pressure.

Drive rapid containment, eradication, and recovery while balancing business continuity, customer impact, and regulatory obligations.

Act as the primary point of contact to executive leadership during incidents, providing clear, concise, timely, and actionable updates.

Cross-Department Coordination

Orchestrate response activities across Security, Infrastructure / Cloud Operations, Product & Application Security

Ensure alignment between technical response actions and business, legal, and regulatory considerations.

Manage external parties when needed

Preparedness & Operational Excellence

Own and continuously improve the incident response framework, including severity definitions, escalation paths, and decision authority.

Design and run executive-level incident simulations and tabletop exercises, including cross-functional and leadership participation.

Ensure high-quality post-incident reviews that result in measurable improvements to controls, detection, and response readiness.

Define and track incident response metrics (MTTD, MTTR, blast radius, decision latency).

Track and follow-up on lessons learned and enhancements to ensure implementation and continuous improvement.

Required Experience & Qualifications

10+ years in cybersecurity, with significant incident response management experience.

Proven experience leading large-scale, cross-company cyber incidents, including incidents involving:

Multiple engineering and operational teams

Executive leadership and board-level visibility

Demonstrated experience acting as Incident Commander or equivalent role during major security events for at least 15 incidents in the past 5 years.

Strong understanding of:

Cloud and SaaS architectures

Identity, access control, and infrastructure security

Detection and response technologies (SIEM, EDR, cloud-native tools)

Offensive background

Ability to translate technical facts into business impact and risk-based decisions.

Critical Skills & Attributes

Crisis leadership: Calm, decisive, and structured under extreme pressure.

Authority without ego: Able to lead across departments without formal reporting lines.

Executive communication: Clear, concise, and credible with senior leadership.

Systems thinker: Understands how technical, human, and process failures compound during incidents.

Bias for action: Moves quickly while maintaining discipline and documentation.

Analytical thinking: Attention to details and ability to connect multiple dots into a concise and accurate picture.

Previous experience at Mandiant, Sygnia, CrowdStrike, Unit 42, or similar elite IR teams

Experience in crypto, fintech, custody, payments, or highly regulated environments

Hands-on background in forensics, threat hunting, or security engineering

Nice to Have

Experience in crypto, fintech, cloud infrastructure, or highly regulated environments

Experience supporting regulatory notifications and post-incident audits

Background in forensics, threat intelligence, or security engineering

Familiarity with NIST, ISO 27035, or similar incident response frameworks (practical application, not checkbox compliance)

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.

Please see our candidate privacy policy here.