Incident Response Principal

As an Incident Response Principal at Clario, you will play a critical leadership role in guiding a team of SOC Analysts and Engineers, including internal staff and managed service providers, to strengthen our security operations. You will serve as a subject-matter expert across incident response, detection engineering, service delivery, and threat intelligence. In this role, you will drive enhancements to SOC capabilities, lead major investigations, measure operational effectiveness through KPIs and SLAs, and elevate our threat detection and response posture. Your work directly supports Clario’s mission to deliver top-tier security services that protect the healthcare and biopharmaceutical industries.

What We Offer

• Competitive compensation
• Medical, dental, and vision coverage
• Flexible and paid time off
• Remote work options
• Tuition reimbursement
• Employee assistance and wellness programs; life and disability insurance

What You’ll Be Doing

• Lead and mentor cybersecurity professionals across threat hunting, cyber threat intelligence, detection engineering, and incident response.
• Develop and execute strategic initiatives to advance SOC maturity and enhance operational effectiveness.
• Oversee intelligence-driven threat‑hunting activities to identify and mitigate emerging security risks.
• Partner with detection engineers to refine detection capabilities, optimize SIEM rules, and develop behavioral analytics for advanced threat detection.
• Lead incident response activities, ensuring rapid containment, mitigation, and remediation of cybersecurity incidents.
• Conduct post-incident reviews to continually improve processes and strengthen prevention and response mechanisms.
• Oversee real-time security monitoring to ensure rapid identification and triage of threats and vulnerabilities.
• Collaborate with IT, Risk, Compliance, and senior leadership to communicate risks, trends, and strategic recommendations.
• Continuously assess SOC workflows, automation maturity, and tooling; maintain playbooks, SOPs, and supporting documentation.
• Ensure compliance with relevant frameworks (NIST, ISO 27001, MITRE ATT&CK) and prepare reporting on key security metrics and incident trends.
• Provide coaching, mentorship, and training to develop SOC team capabilities and support professional growth.

What We Look For

• Bachelor’s degree in Management of Information Systems or related field; Associate degree may be considered with relevant experience and certifications.
• Industry certifications such as CISSP, CISM, or GIAC (GCIH, GCFA, GCTI) or CySA+ are highly desirable.
• 4–6 years of experience in a senior cybersecurity operations role, ideally within a SOC environment.
• Experience leading teams and collaborating effectively with service partners.
• Strong expertise in threat intelligence, threat hunting, detection engineering, and incident response methodologies.
• Hands‑on experience with SIEM, EDR/XDR, IDS/IPS, and SOAR technologies.
• Strong understanding of MITRE ATT&CK, NIST CSF, ISO frameworks, and CIS Controls.
• Experience with scripting and automation tools (Python, KQL, PowerShell) to enhance security operations.
• Demonstrated ability to drive continuous improvement and innovation in SOC processes.
• Strong analytical and decision‑making skills under pressure.
• Excellent communication and leadership skills, able to engage both technical teams and executives.
• Knowledge of networking fundamentals (OSI model, TCP/IP, DNS, HTTP, SMTP) and cloud computing.
• Based in and able to work remotely from the United States.

At Clario, our purpose is to transform lives by unlocking better evidence. It’s a cause that unites and inspires us. It’s why we come to work—and how we empower our people to make a positive impact every day. Whether you're advancing clinical science, building innovative technology, or supporting our global teams, your work helps bring life-changing therapies to patients faster.

Clario is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.