Incident Response Coordinator

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking.

We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU's Computing Services' Information Security Office is searching for a Principal Information Security Engineer/Incident Response Coordinator.

This is an excellent opportunity for someone who thrives in an interesting and challenging work environment. The Principal Information Security Engineer/Incident Response Coordinator (PISE/IRC) is responsible for managing and coordinating the organization's prevention and response to cybersecurity incidents. This role ensures that incidents are prevented, detected, contained, investigated, and remediated efficiently and consistently, minimizing business impact and strengthening cyber resilience.

The PISE/IRC leads in the planning, coordination, and review of incident management and control functions and advises on preventive and detective measures in pursuit of adequate information, computer, and network security on campus. This includes responding to incidents, policy violations, and DMCA notices; analyzing and securing compromised computer systems; working with other groups in the division to assist in securing services as needed;

providing documentation and announcements as regards incident handling, reporting on trends and apparent control gaps, and responding to requests from law enforcement, the Office of General Counsel, and other campus constituents related to information security concerns.

The ideal candidate combines strong technical understanding with exceptional oral and written communication, organization, and decision-making skills.

Your core responsibilities will include:

* Lead and coordinate the end-to-end incident response process from prevention, detection, and response through to post-incident review.

* Serve as the primary point of contact during active security incidents, ensuring timely escalation and clear communication across teams.

* Collaborate with SOC analysts, threat hunters, and system owners to analyze, contain, and remediate threats.

* Maintain and continuously improve incident response plans, playbooks, and communication protocols.

* Facilitate incident response exercises, simulations, and tabletop scenarios to build readiness.

* Coordinate with external stakeholders, including law enforcement, regulatory bodies, and third-party service providers, when required.

* Track incident metrics and produce executive-level reporting and after-action reviews.

* Contribute to threat intelligence sharing and ensure lessons learned are incorporated into security controls and training.

* Support policy and compliance efforts related to incident handling, data protection, and reporting obligations.

* Provide front-line support including SOC coverage and 24x7 on-call rotation, forensic analysis, tool evaluation, eDiscovery support, and training.

* Supervise incident response team staff.

* A combination of education and relevant experience from which comparable knowledge is demonstrated may be considered.

* Other related duties as assigned.

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies refore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.

Qualifications:

* Bachelor's Degree

* 8-10 years of years experience with information security and incident handling in a complex, distributed computing…