• Own the incident response lifecycle for high-severity security events, including triage, investigation, containment, remediation, recovery, and post-incident review.
• Act as incident commander, coordinating technical teams and key stakeholders during complex security incidents.
• Build, maintain, and test incident response runbooks covering Mistral’s most important risk scenarios.
• Develop and operate forensic capabilities across cloud, containerized, on-premises, and endpoint environments.
• Preserve, collect, and analyze digital evidence using rigorous and repeatable forensic methodologies.
• Partner with SOC and Detection Engineering teams to strengthen detection-to-response workflows and improve investigative readiness.
• Design and facilitate tabletop exercises with engineering, legal, communications, and leadership stakeholders.
• Lead blameless post-mortems and ensure lessons learned translate into durable technical and organizational improvements.
• Define clear incident communication and escalation practices for both technical and non-technical stakeholders.
• Contribute to the long-term development of Mistral’s incident response function, with the potential to mentor or lead future team members.