
Security IR Director at Fireblocks
Tel Aviv-Yafo, Tel Aviv District, Israel | Full-time | Security & IT | Posted 25 days ago
About the Role
<div class="content-intro"><p>The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways of leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and are trusted by some of the largest financial institutions, banks, globally recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.</p></div><h2><strong>Role Overview</strong></h2>
<p>We are seeking an <strong>experienced Incident Response leader</strong> to own and lead the company’s response to <strong>large-scale, high-impact cyber incidents</strong>. This role is responsible not only for technical response, but for <strong>cross-company crisis coordination</strong>, executive decision support, and ensuring fast, controlled mitigation across engineering, product, legal, communications, and leadership teams.</p>
<p>This is a <strong>leadership role</strong> for someone who has personally led complex incidents under pressure — including situations involving <strong>material business risk, customer impact, regulatory exposure, and executive visibility</strong>.</p>
<h2><strong>Key Responsibilities</strong></h2>
<h3><strong>Incident Leadership & Crisis Management</strong></h3>
<ul>
<li>Serve as the <strong>Incident Commander</strong> for high-severity cyber incidents, including breaches, supply-chain attacks, insider threats, and platform-wide security events.</li>
<li>Lead <strong>company-wide incident response efforts</strong>, coordinating technical, operational, legal, communications, and executive stakeholders.</li>
<li>Stand up and orchestrate <strong>crisis management teams</strong> during major incidents, ensuring clear ownership, decision-making, and execution under pressure.</li>
<li>Drive <strong>rapid containment, eradication, and recovery</strong> while balancing business continuity, customer impact, and regulatory obligations.</li>
<li>Act as the primary point of contact to <strong>executive leadership</strong> during incidents, providing clear, concise, timely, and actionable updates.</li>
</ul>
<h3><strong>Cross-Department Coordination</strong></h3>
<ul>
<li>Orchestrate response activities across Security, Infrastructure / Cloud Operations, Product & Application Security.</li>
<li>Ensure alignment between <strong>technical response actions</strong> and <strong>business, legal, and regulatory considerations</strong>.</li>
<li>Manage external parties when needed.</li>
</ul>
<h3><strong>Preparedness & Operational Excellence</strong></h3>
<ul>
<li>Own and continuously improve the <strong>incident response framework</strong>, including severity definitions, escalation paths, and decision authority.</li>
<li>Design and run <strong>executive-level incident simulations and tabletop exercises</strong>, including cross-functional and leadership participation.</li>
<li>Ensure high-quality <strong>post-incident reviews</strong> that result in measurable improvements to controls, detection, and response readiness.</li>
<li>Define and track <strong>incident response metrics</strong> (MTTD, MTTR, blast radius, decision latency).</li>
<li>Track and follow up on lessons learned and enhancements to <strong>ensure implementation and continuous improvement</strong>.</li>
</ul>
<h2><strong>Required Experience & Qualifications</strong></h2>
<ul>
<li><strong>10+ years</strong> in cybersecurity, with <strong>significant incident response management experience</strong>.</li>
<li>Proven experience <strong>leading large-scale, cross-company cyber incidents</strong>, including incidents involving:</li>
<ul>
<li>Multiple engineering and operational teams</li>
<li>Executive leadership and board-level visibility</li>
</ul>
<li>Demonstrated experience acting as <strong>Incident Commander</strong> or equivalent role during major security events for at least 15 incidents in the past 5 years.</li>
<li>Strong understanding of:</li>
<ul>
<li>Cloud and SaaS architectures</li>
<li>Identity, access control, and infrastructure security</li>
<li>Detection and response technologies (SIEM, EDR, cloud-native tools)</li>
</ul>
<li>Offensive background</li>
<li>Ability to translate <strong>technical facts into business impact and risk-based decisions</strong>.</li>
</ul>
<h2><strong>Critical Skills & Attributes</strong></h2>
<ul>
<li><strong>Crisis leadership:</strong> Calm, decisive, and structured under extreme pressure.</li>
<li><strong>Authority without ego:</strong> Able to lead across departments without formal reporting lines.</li>
<li><strong>Executive communication:</strong> Clear, concise, and credible with senior leadership.</li>
<li><strong>Systems thinker:</strong> Understands how technical, human, and process failures compound during incidents.</li>
<li><strong>Bias for action:</strong> Moves quickly while maintaining discipline and documentation.</li>
<li><strong>Analytical thinking:</strong> Attention to detail and the ability to connect multiple dots into a concise and accurate picture.</li>
<li><strong>Previous experience at Mandiant, Sygnia, CrowdStrike, Unit 42, or similar elite IR teams</strong></li>
<li>Experience in <strong>crypto, fintech, custody, payments, or highly regulated environments</strong></li>
<li>Hands-on background in <strong>forensics, threat hunting, or security engineering</strong></li>
</ul>
<h2><strong>Nice to Have</strong></h2>
<ul>
<li>Experience in <strong>crypto, fintech, cloud infrastructure, or highly regulated environments</strong></li>
<li>Experience supporting <strong>regulatory notifications</strong> and post-incident audits</li>
<li>Background in <strong>forensics, threat intelligence, or security engineering</strong></li>
<li>Familiarity with <strong>NIST, ISO 27035, or similar incident response frameworks</strong> (practical application, not checkbox compliance)</li>
</ul><div class="content-conclusion"><p><em>Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. </em></p>
<h6><em><a href="https://www.fireblocks.com/candidate-privacy-notice/" target="_blank">Please see our candidate privacy policy here</a>.</em></h6></div>