Incident Response Lead

At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle. We are seeking a Incident Response Lead to drive security incident response across the enterprise. In this role, you will serve as the primary internal escalation point and hands-on responder for security incidents, partnering closely with WHOOP’s 24x7 SOC provider and cross-functional stakeholders to investigate, contain, and remediate threats. This is a highly technical individual contributor role with significant ownership and visibility across Security, IT, GRC, and Legal. This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success. The U.S. base salary range for this full-time position is $130,000 - $170,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements. RESPONSIBILITIES: Lead hands-on incident response activities, serving as the primary internal escalation point for security events Serve as the central incident commander across Security, IT, GRC, and Legal during active incidents Partner with the SOC to validate alerts, guide investigations, and drive containment and eradication efforts Conduct host, cloud, and log-based investigations, and coordinate with external forensic firms when needed Maintain and continuously improve incident response playbooks, escalation procedures, and communication workflows Lead post-incident reviews and root cause analysis, ensuring remediation actions are clearly defined and tracked Develop and execute tabletop exercises and incident simulations to test and strengthen response readiness Partner with GRC and Legal to support breach impact assessments and regulatory notification processes Drive continuous improvement of detection and response capabilities across SIEM, EDR, cloud monitoring, and identity systems Own incident metrics and reporting, including response times, trends, and systemic risk reduction initiatives Participate in an on-call escalation rotation to provide after-hours incident leadership when required QUALIFICATIONS: 7+ years of experience in incident response, digital forensics, threat detection, or SOC operations Proven experience leading incident investigations in complex, cloud-native environments Strong experience conducting host, cloud, and log-based investigations Hands-on expertise with SIEM platforms, EDR tools, and cloud security monitoring Experience working with external SOC or MDR providers Strong understanding of attack frameworks (MITRE ATT&CK) and their application to detection and response Experience supporting breach response obligations under GDPR, HIPAA, PCI, or similar regulatory frameworks Excellent communication skills with the ability to coordinate cross-functional stakeholders under pressure Bachelor’s degree or relevant certifications (GCIH, GCFA, CISSP, or equivalent)

{
  "content_hash": "add564139ce924850da956a86baf61b0e45cb780203b3d6f365607899fa3f045",
  "source_hash": "552f5bb1c1d2f30992deda95a86e891f317bc5e0fc2ec1ac02e232b263c0c9bd",
  "last_changed_at": "2026-06-06T07:57:37.966Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Boston, MA",
    "city": "Boston",
    "region": "MA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 170000,
  "salary_min": 130000,
  "inferred_at": "2026-06-06T07:57:37.692Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Boston, MA",
      "city": "Boston",
      "region": "MA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "RESPONSIBILITIES:",
      "content": "<div>\n\n<li>\n<p>Lead hands-on incident response activities, serving as the primary internal escalation point for security events</p>\n</li>\n<li>\n<p>Serve as the central incident commander across Security, IT, GRC, and Legal during active incidents</p>\n</li>\n<li>\n<p>Partner with the SOC to validate alerts, guide investigations, and drive containment and eradication efforts</p>\n</li>\n<li>\n<p>Conduct host, cloud, and log-based investigations, and coordinate with external forensic firms when needed</p>\n</li>\n<li>\n<p>Maintain and continuously improve incident response playbooks, escalation procedures, and communication workflows</p>\n</li>\n<li>\n<p>Lead post-incident reviews and root cause analysis, ensuring remediation actions are clearly defined and tracked</p>\n</li>\n<li>\n<p>Develop and execute tabletop exercises and incident simulations to test and strengthen response readiness</p>\n</li>\n<li>\n<p>Partner with GRC and Legal to support breach impact assessments and regulatory notification processes</p>\n</li>\n<li>\n<p>Drive continuous improvement of detection and response capabilities across SIEM, EDR, cloud monitoring, and identity systems</p>\n</li>\n<li>\n<p>Own incident metrics and reporting, including response times, trends, and systemic risk reduction initiatives</p>\n</li>\n<li>\n<p>Participate in an on-call escalation rotation to provide after-hours incident leadership when required</p>\n</li>\n\n</div>"
    },
    {
      "text": "QUALIFICATIONS:",
      "content": "<div>\n\n<li>\n<p>7+ years of experience in incident response, digital forensics, threat detection, or SOC operations</p>\n</li>\n<li>\n<p>Proven experience leading incident investigations in complex, cloud-native environments</p>\n</li>\n<li>\n<p>Strong experience conducting host, cloud, and log-based investigations</p>\n</li>\n<li>\n<p>Hands-on expertise with SIEM platforms, EDR tools, and cloud security monitoring</p>\n</li>\n<li>\n<p>Experience working with external SOC or MDR providers</p>\n</li>\n<li>\n<p>Strong understanding of attack frameworks (MITRE ATT&amp;CK) and their application to detection and response</p>\n</li>\n<li>\n<p>Experience supporting breach response obligations under GDPR, HIPAA, PCI, or similar regulatory frameworks</p>\n</li>\n<li>\n<p>Excellent communication skills with the ability to coordinate cross-functional stakeholders under pressure</p>\n</li>\n<li>\n<p>Bachelor’s degree or relevant certifications (GCIH, GCFA, CISSP, or equivalent)</p>\n</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1773340366472,
  "updatedAt": null,
  "categories": {
    "team": "Information Security",
    "location": "Boston, MA",
    "allLocations": [
      "Boston, MA"
    ]
  },
  "salaryRange": null,
  "workplaceType": "onsite"
}