"Incident Response Coordinator"

CMU's Computing Services' Information Security Office is searching for a Principal Information Security Engineer/Incident Response Coordinator.

This is an excellent opportunity for someone who thrives in an interesting and challenging work environment. The Principal Information Security Engineer/Incident Response Coordinator (PISE/IRC) is responsible for managing and coordinating the organization's prevention and response to cybersecurity incidents. This role ensures that incidents are prevented, detected, contained, investigated, and remediated efficiently and consistently, minimizing business impact and strengthening cyber resilience.

The PISE/IRC leads in the planning, coordination, and review of incident management and control functions and advises on preventive and detective measures in pursuit of adequate information, computer, and network security on campus. This includes responding to incidents, policy violations, and DMCA notices; analyzing and securing compromised computer systems; working with other groups in the division to assist in securing services as needed; providing documentation and announcements as regards incident handling, reporting on trends and apparent control gaps, and responding to requests from law enforcement, the Office of General Counsel, and other campus constituents related to information security concerns.

The ideal candidate combines strong technical understanding with exceptional oral and written communication, organization, and decision-making skills.

Your core responsibilities will include:

• Lead and coordinate the end-to-end incident response process from prevention, detection, and response through to post-incident review.
• Serve as the primary point of contact during active security incidents, ensuring timely escalation and clear communication across teams.
• Collaborate with SOC analysts, threat hunters, and system owners to analyze, contain, and remediate threats.
• Maintain and continuously improve incident response plans, playbooks, and communication protocols.
• Facilitate incident response exercises, simulations, and tabletop scenarios to build readiness.
• Coordinate with external stakeholders, including law enforcement, regulatory bodies, and third-party service providers, when required.
• Track incident metrics and produce executive-level reporting and after-action reviews.
• Contribute to threat intelligence sharing and ensure lessons learned are incorporated into security controls and training.
• Support policy and compliance efforts related to incident handling, data protection, and reporting obligations.
• Provide front-line support including SOC coverage and 24x7 on-call rotation, forensic analysis, tool evaluation, eDiscovery support, and training.
• Supervise incident response team staff.
• A combination of education and relevant experience from which comparable knowledge is demonstrated may be considered.
• Other related duties as assigned.

Qualifications:

• Bachelor's Degree
• 8-10 years of years experience with information security and incident handling in a complex, distributed computing environment. Knowledge of contemporary computing technologies,

Requirements:

• Successful background check
• This position involves access to items or technical data controlled under the U.S. International Traffic in Arms Regulations ("ITAR"). Under U.S. export control laws, restrictions apply to the release or disclosure within the United States of ITAR-controlled technical data to individuals who are NOT "U.S. Persons." U.S. Persons include U.S. citizens, U.S. nationals, persons lawfully admitted for U.S. permanent residence ("green card" holders), persons granted U.S. asylum status and persons granted U.S. refugee status.
• Carnegie Mellon's Computing Services can rely on ITAR authorizations to provide access to ITAR-controlled items for certain eligible applicants who are not U.S. Persons. However, for Computing Services to ensure compliance with the ITAR, applicants who are NOT U.S. Persons are not eligible for this position if they are current or former permanent residents, nationals, or citizens of the following arms-embargoed or ITAR-restricted countries: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China, Cuba, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iran, Iraq, Lebanon, Libya, Nicaragua, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.

"Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity."