Technical Lead, Security & Governance, Incident Response

We are looking for an experienced security leader with deep technical expertise and a genuine passion for cybersecurity to lead our Incident Response team. This person sets the pace for the team. Decisive, proactive, and relentless about closure without needing hand-holding or repeated follow-up. Beyond incident response, this person will drive innovation, strengthen team capabilities, and champion operational excellence through continuous improvement., * Lead and coordinate incident response activities across the enterprise, serving as the primary decision-maker during active security events.

• Triage and investigate incoming alerts, determining severity, scope, and appropriate remediation path with speed and precision.
• Manage firewall rule reviews, approvals, and modifications in response to incidents, threat intelligence, and operational needs.
• Own the vulnerability management lifecycle, tracking findings, prioritizing remediation, and driving closure across teams.
• Evaluate and process exception requests for security alerts, applying sound risk-based judgment to approve, escalate, or deny.
• Document incident timelines, findings, and lessons learned to support post-incident reviews and continuous improvement.
• Build, refine, and operationalize IR processes, playbooks, and runbooks that ensure processes are repeatable and transferable across the team.
• Identify gaps in current IR workflows and lead initiatives to modernize response operations, including automation opportunities and tooling improvements.
• Mentor and develop IR team members, fostering a culture of continuous learning and operational accountability.
• Participate in a rotating on-call schedule, providing after-hours and weekend coverage for active incidents and critical escalations.
• Collaborate with stakeholders across IT and the business to communicate incident status, risk exposure, and remediation progress clearly and concisely.

• 6+ years of hands-on experience across core security domains, including firewalls, IDS/IPS, endpoint protection, authentication systems, SIEM/log management, and content filtering.
• 5+ years in a Security Engineer, Systems Security Engineer, or equivalent role.
• Experience automating tasks and building tooling using Python or equivalent scripting languages.
• Hands-on experience working within SIEM, EDR, and case management platforms in an operational IR environment.
• Strong working knowledge of network security technologies, protocols, and monitoring tools.
• Solid understanding of modern security principles, frameworks, and emerging threat techniques.
• Familiarity with web technologies, web application security, web services, and SOA architectures.
• Demonstrated ability to triage and resolve alerts effectively, including during off-hours, with accountability and follow-through.
• Self-directed, able to manage competing priorities with minimal supervision in a fast-paced environment.
• Exceptional problem-solving skills with the ability to navigate ambiguity and deliver clear solutions to complex technical challenges.
• Strong communicator, equally comfortable in a technical deep-dive and an executive briefing.

Allied World is an ideal place for talented professionals who are driven by a belief in the value of collaboration and the power of knowledge. We believe that when our great people work together and support one another, our clients receive the best solutions. We embrace unique perspectives and empower each person to grow through professional development, career training and mentoring programs. Our people are our most important asset, and we are very proud of the quality of our team members.