Cybersecurity Operations & Incident Response Lead

ABOUT US

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation.

At Coastal, we think and move like entrepreneurs; focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we’d love to meet you.

Check out our video here!

OVERVIEW

The Cybersecurity Operations & Incident Response Lead builds and runs Coastal’s 24×7 security operations capability—people, processes, and technology—across a hybrid environment that blends legacy on-premises systems with modern cloud services and custom-developed APIs. You will lead security monitoring, incident response, detection engineering/content development, and vulnerability management. You’ll also own the relationship with our third-party SOC, ensuring use-cases, playbooks, and tuning are tightly aligned to our business, our risk profile, and our environment.

This role blends hands-on technical depth with calm, decisive leadership during security events, enabling Coastal to detect, respond to, and recover from threats swiftly and consistently.

RESPONSIBILITIES TO INCLUDE

Security Monitoring & Detection Engineering

• Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape, including but not limited to:

  • Core technology infrastructure: Active Directory Domain Services, Entra ID, Okta, Azure control plane, Zscaler, Windows and macOS endpoints, hybrid network

  • Productivity/G&A systems: M365, SaaS

  • Business-specific systems: Azure IaaS/PaaS services, custom-developed API services, banking core, financial ledger and reporting systems

• Coordinate with Engineering and IT to build detection engineering into system development lifecycle.

• Develop, test, and maintain detection content (e.g., KQL/Sigma), alert routing, and enrichment pipelines that reduce noise and increase true-positive rates.

• Integrate threat intelligence (strategic, operational, and technical) into detections and response workflows.

Incident Response

• Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance.

• Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks.

• Maintain and exercise incident response plans through tabletop and similar activities.

• Mature evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation.

• Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts.

Vulnerability & Exposure Management and Threat Hunting

• Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.

• Prioritize remediation using risk-based scoring and exploit intelligence.

• Track configuration and identity hygiene (e.g., privileged accounts, conditional access, MFA coverage, device compliance) and partner with owners to close gaps.

• Building and maturing a threat hunting and purple team function as part of the overall Security & Threat Operations maturation roadmap.

SOC/MSSP Governance

• Lead day-to-day oversight of the third-party SOC: queue hygiene, case quality, SLAs, runbook adherence, and continuous tuning to our environment.

• Ensure vendor tooling integrations, data retention, and access are compliant with Coastal policies and regulatory expectations.

Security and Threat Operations Leadership

• Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery.

• Build and maintain a Security and Threat Operations strategy in coordination with the Director of Security Engineering and Operations, CISO, and other stakeholders, including software engineering, data engineering, and IT.

• Develop and report on KPIs and KRIs for the Security and Threat Operations function.

Governance, Risk, Audit & Reporting

• Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile).

• Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction.

• Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications.

Culture, Training & Readiness

• Coach analysts on analytical rigor, bias reduction, and structured investigations.

• Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship.

QUALIFICATIONS

• Demonstrated success operating in hybrid environments spanning on-prem AD, Entra ID (Azure AD), Okta, Azure, Microsoft 365, Zscaler, and containerized workloads/APIs.

• Hands-on expertise with SIEM/SOAR, EDR, log pipelines, and detection content development including tuning and QA.

• Proven incident commander for high-impact events; adept with forensics, scoping, containment, and executive communication.

• Strong vulnerability management leadership across technology areas, including risk-based prioritization and remediation orchestration.

• Familiarity with MITRE ATT&CK, cyber kill chain, and threat-led validation (purple teaming).

• Experience managing outsourced SOC/MSSP providers with measurable improvements to signal quality and response times.

• Excellent communication skills—able to translate technical risks into business terms and influence across stakeholders.

• Familiarity with scripting or automation tools (e.g., Python, TypeScript) to streamline operations processes.

EDUCATION/EXPERIENCE

• 8+ years in Security Operations, Incident Response, Detection Engineering, or Threat Hunting.

• 3+ years team lead experience.

• Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.

• Prior experience in a regulated environment (finance, healthcare, etc.) is strongly preferred.

HOW YOU’LL THRIVE AT COASTAL

• Be the Best – Communicate effectively, pay close attention to detail, and prioritize your personal development.

• Be Relentless – Thrive in a goal-oriented environment exercising both patience and persistence. Advocate for our customers and team members and strive to promote the Coastal Difference.

• Be Un-Bankey – Be a forward thinker with a creative mindset. Build long-lasting relationships promoting the Coastal Difference, built on a foundation of integrity, honesty, and trust.

• Embrace Gray Thinking – Use sound judgment while decision-making and problem-solving. Think outside the box.

• Stay Flexible – Organize and strategize effectively while always being prepared to adapt on the fly. Seek efficiencies for Coastal to work smarter, not harder.

• Take Care of Each Other – Understand what it means to be a true team player and have your teammate's back. Practice self-awareness and build your emotional intelligence.

BEING YOU AT COASTAL

Coastal is an equal opportunity employer. We are committed to providing a workplace free from discrimination and harassment. All employment decisions are based on merit, qualifications, and business needs. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status under applicable laws.

BENEFITS WE OFFER

We’re proud to offer a comprehensive benefits package designed to support your health, financial well-being, and work-life balance. Our offerings include:

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.

• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.

• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.

• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.

• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.

• Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.

• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.

• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.

• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.

• Holidays: Enjoy 11 paid holidays throughout the year.

Check out our benefits on our careers site!!

PHYSICAL DEMANDS

The physical demands described below are required to perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee must be able to:

• Sit for extended periods of time.

• Stand for extended periods of time.

• Perform repetitive finger, hand, and arm movement.

• Use electronic office equipment such as a computer keyboard, mouse, ten key, telephone, etc.

• View and read computer screens for extended periods.

• Occasionally stoop, kneel, crouch, or crawl.

• Occasionally lift or move up to 10 pounds.

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.