Security IR Director

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more. 

Role Overview

We are seeking an experienced Incident Response leader to own and lead the company’s response to large-scale, high-impact cyber incidents. This role is responsible not only for technical response, but for cross-company crisis coordination, executive decision support, and ensuring fast, controlled mitigation across engineering, product, legal, communications, and leadership teams.

This is a leadership role for someone who has personally led complex incidents under pressure — including situations involving material business risk, customer impact, regulatory exposure, and executive visibility.

Key Responsibilities

Incident Leadership & Crisis Management

• Serve as the Incident Commander for high-severity cyber incidents, including breaches, supply-chain attacks, insider threats, and platform-wide security events.
• Lead company-wide incident response efforts, coordinating technical, operational, legal, communications, and executive stakeholders.
• Stand up and orchestrate crisis management teams during major incidents, ensuring clear ownership, decision-making, and execution under pressure.
• Drive rapid containment, eradication, and recovery while balancing business continuity, customer impact, and regulatory obligations.
• Act as the primary point of contact to executive leadership during incidents, providing clear, concise, timely, and actionable updates.

Cross-Department Coordination

• Orchestrate response activities across Security, Infrastructure / Cloud Operations, Product & Application Security
• Ensure alignment between technical response actions and business, legal, and regulatory considerations.
• Manage external parties when needed  

Preparedness & Operational Excellence

• Own and continuously improve the incident response framework, including severity definitions, escalation paths, and decision authority.
• Design and run executive-level incident simulations and tabletop exercises, including cross-functional and leadership participation.
• Ensure high-quality post-incident reviews that result in measurable improvements to controls, detection, and response readiness.
• Define and track incident response metrics (MTTD, MTTR, blast radius, decision latency).
• Track and follow-up on lessons learned and enhancements to ensure implementation and continuous improvement.

Required Experience & Qualifications

• 10+ years in cybersecurity, with significant incident response management experience.
• Proven experience leading large-scale, cross-company cyber incidents, including incidents involving:
• Multiple engineering and operational teams
• Executive leadership and board-level visibility
• Demonstrated experience acting as Incident Commander or equivalent role during major security events for at least 15 incidents in the past 5 years.
• Strong understanding of:
• Cloud and SaaS architectures
• Identity, access control, and infrastructure security
• Detection and response technologies (SIEM, EDR, cloud-native tools)
• Offensive background
• Ability to translate technical facts into business impact and risk-based decisions.

Critical Skills & Attributes

• Crisis leadership: Calm, decisive, and structured under extreme pressure.
• Authority without ego: Able to lead across departments without formal reporting lines.
• Executive communication: Clear, concise, and credible with senior leadership.
• Systems thinker: Understands how technical, human, and process failures compound during incidents.
• Bias for action: Moves quickly while maintaining discipline and documentation.
• Analytical thinking: Attention to details and ability to connect multiple dots into a concise and accurate picture.
• Previous experience at Mandiant, Sygnia, CrowdStrike, Unit 42, or similar elite IR teams
• Experience in crypto, fintech, custody, payments, or highly regulated environments
• Hands-on background in forensics, threat hunting, or security engineering

Nice to Have

• Experience in crypto, fintech, cloud infrastructure, or highly regulated environments
• Experience supporting regulatory notifications and post-incident audits
• Background in forensics, threat intelligence, or security engineering
• Familiarity with NIST, ISO 27035, or similar incident response frameworks (practical application, not checkbox compliance)

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

Please see our candidate privacy policy here.