BAXTER

Sr Mgr, IT - Cyber Incident Response

Bangalore, Karnataka | Full time

This is where your work makes a difference.

At Baxter, we believe every person—regardless of who they are or where they are from—deserves a chance to live a healthy life. It was our founding belief in 1931 and continues to be our guiding principle. We are redefining healthcare delivery to make a greater impact today, tomorrow, and beyond.

Our Baxter colleagues are united by our Mission to Save and Sustain Lives. Together, our community is driven by a culture of courage, trust, and collaboration. Every individual is empowered to take ownership and make a meaningful impact. We strive for efficient and effective operations, and we hold each other accountable for delivering exceptional results.

Here, you will find more than just a job—you will find purpose and pride. 

Job Overview

The Sr Manager, Cyber Incident Response, is a senior technical leader and team lead responsible for directing the Incident Response team and its day-to-day operations. This is a hands-on leadership role: overseeing complex investigations, performing deep technical analysis, guiding containment and remediation efforts, and ensuring the timely resolution of cybersecurity incidents.

The Sr Manager will manage and lead a team of incident responders and forensic analysts, act as the escalation point for critical events, and serve as the technical bridge between analysts, detection engineering, threat intelligence, and the Associate Director of Incident Response. The role also owns shift coverage and incident triage to maintain 24x7 operational readiness, coordinating schedules and workload with peers in other Baxter SOC locations to ensure seamless global coverage.

What you'll be doing

  • Lead the detection, analysis, containment and recovery phases for high-severity security incidents.
  • Serve as the highest technical escalation point for the IR team, providing advanced troubleshooting, forensics, and malware analysis, as well as hands-on guidance in the use of SIEM, SOAR, EDR, and similar platforms.
  • Take an active role in major investigations, reviewing artifacts, logs, and alerts to validate findings, and coordinate response efforts across the IR team and other IT teams to ensure efficient resolution.
  • Perform and guide log analysis, packet captures, endpoint forensic imaging, and reverse engineering where needed.
  • Partner with Threat Intelligence and tools teams to integrate real-time threat data into IR processes.
  • Review and tune detection rules, SIEM queries, and automated response workflows to improve signal-to-noise ratio.

Leadership

  • Manage, develop, and assist with recruiting a highly skilled team of analysts.
  • Manage shift coverage and triage to maintain 24x7 operational readiness, coordinating schedules and workload with peers in other SOC locations to ensure seamless global coverage.
  • Continually improve detection capabilities through, for example, post-incident root cause analysis, metrics reviews, and cross-team IR reviews. Create and refine incident playbooks and runbooks to ensure consistency and speed in response.
  • Conduct regular tabletop and live-fire exercises with the team.
  • Provide technical incident summaries to the Associate Director of IR and relevant stakeholders.

What you'll bring

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field (equivalent experience accepted).
  • 14+ years in cybersecurity with at least 3 years focused on incident response and digital forensics.
  • Demonstrated ability to lead investigations and investigative teams in a high-pressure, 24/7 operational environment.
  • Proficient in incident triage, log analysis, and endpoint/network forensics.
  • Strong experience with SIEM (Splunk, Sentinel, QRadar, etc.), SOAR platforms, and EDR tools (CrowdStrike, Defender for Endpoint, Carbon Black, etc.).
  • Familiarity with malware reverse engineering and memory analysis tools.
  • Solid understanding of attack frameworks (MITRE ATT&CK, Cyber Kill Chain) and response frameworks (NIST SP 800-61, ISO/IEC 27035).

Soft Skills

  • Strong communicator able to distill technical findings for both technical and non-technical audiences.
  • Skilled at leading teams during high-pressure security incidents.
  • Analytical and detail-oriented with strong problem-solving skills.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.