Since 1999, Stream Data Centers has set new standards for innovation, operational excellence and sustainability in the data center industry. With over 90% of its inventory leased to Fortune 100 customers, the company has acquired, developed and managed complex data center projects for the world’s most demanding users.
From location strategy and site selection to data center construction and operations, Stream develops wholesale colocation capacity and build-to-suit facilities for hyperscale and enterprise users in major markets across the United States. As the company’s site development affiliate, Headwaters employs a team of hyperscale experts dedicated to building a land bank for the data center industry, helping Stream and others uncover low-risk land sites for optimum data center development. Additionally, Stream provides energy procurement services with a focus on reducing market risk and providing low-cost renewable energy options.
Stream Data Centers is headquartered in Dallas, Texas, and is the technical real estate affiliate of Stream Realty Partners, a full-service commercial real estate investment, development and services company with 1,400+ professionals in 17 core markets and $8.8 billion in annual transactions.
POSITION OVERVIEW
Stream Data Centers seeks a highly experienced Senior Cybersecurity Incident Responder to lead our cybersecurity incident response efforts as the senior member of our Cybersecurity Engineering team. This role demands a proven leader with extensive experience directing high-level incident response efforts and investigating security incidents across Windows servers and endpoints, Linux systems, and Azure Cloud environments (M365, Intune, Sentinel, Purview). Reporting to the VP of Cybersecurity, you will guide our skilled Cybersecurity Engineers, demonstrate leadership through active participation in incident resolution, and spearhead projects to strengthen and advance our cybersecurity program organization-wide.
RESPONSIBILITIES
- Incident Response Leadership: Direct and oversee high-severity incident response efforts, coordinating rapid containment, eradication, and recovery to minimize disruption to Stream Data Centers’ operations and client services.
- Investigation Expertise: Perform thorough investigations of security incidents across Windows servers and endpoints, Linux systems, and Azure Cloud environments (including M365, Intune, Sentinel, and Purview), deploying forensic tools to uncover root causes, attack paths, and countermeasures.
- Team Mentorship: Serve as a mentor and technical leader to a small team of seasoned Cybersecurity Engineers, promoting collaboration, enhancing skill sets, and cultivating a high-performance team culture.
- Hands-On Contribution: Actively engage in the ticket queue with the team, triaging and resolving incidents efficiently to uphold operational standards while exemplifying technical leadership.
- Strategic Projects: Spearhead initiatives to advance Stream Data Centers’ cybersecurity maturity, driving improvements in processes, tool deployment, and proactive measures such as threat hunting.
- Executive Reporting: Deliver precise, actionable, and business-focused updates to the VP of Cybersecurity, covering incident status, investigation outcomes, and strategic recommendations for sustained security improvements.
- Cross-Functional Collaboration: Work closely with IT, operations, and engineering teams to ensure a cohesive incident response and to implement preventive controls throughout the data center infrastructure.
- Documentation & Compliance: Produce detailed incident reports, lessons-learned analyses, and response playbooks, ensuring alignment with industry standards and supporting continuous improvement in future responses.
MINIMUM QUALIFICATIONS
- Experience: 10-15 years of hands-on experience in cybersecurity, with a significant emphasis on incident response and digital forensics, demonstrated through practical application in challenging environments.
- Windows Investigations: Extensive experience conducting incident investigations on Windows servers and endpoints, including memory analysis, log analysis, and malware identification, based on real-world scenarios.
- Linux Systems: Strong capability in managing Linux-based incidents, with proven skills in command-line forensics and system hardening derived from direct experience.
- Azure Cloud Security: Advanced, practical experience securing Azure Cloud environments, including M365, Intune, Sentinel, and Purview, with a demonstrated ability to detect, respond to, and mitigate incidents effectively.
- Leadership: Demonstrated experience leading multiple high-level incident response efforts, successfully guiding teams through complex investigations under demanding conditions.
- Mentorship: A background in mentoring and developing cybersecurity professionals, fostering collaboration and skill growth through hands-on guidance and a team-oriented approach.
- Hands-On Contribution: Ability to actively participate in the ticket queue, resolving incidents with technical expertise while setting a standard of excellence for the team.
- Communication: Effective skills in delivering clear, actionable, and business-relevant updates and recommendations directly to executive leadership, such as the VP of Cybersecurity.
- Project Leadership: A record of successfully leading cybersecurity projects that enhance organizational security maturity, with measurable improvements to processes or defenses.
PREFERRED QUALIFICATIONS
- Proven Incident Response Expertise: A track record of successfully leading and resolving complex, high-stakes security incidents in real-world environments, with demonstrable skills in containment, eradication, and recovery across diverse systems (Windows, Linux, Azure Cloud).
- Data Center or Critical Infrastructure Background: Direct experience securing data centers, critical infrastructure, or similar high-availability environments, with a practical understanding of the operational and security challenges unique to these setups.
- Multi-Cloud & Hybrid Mastery: Practical familiarity with securing cloud environments beyond Azure—such as AWS or GCP—and hybrid setups, gained through real incidents or projects rather than theoretical knowledge.
- Proactive Threat Detection: Real-world experience in threat hunting or offensive security (e.g., red teaming), with a knack for spotting advanced threats, building detection rules, or simulating attacks to harden defenses.
- Tool Proficiency: Deep, practical knowledge of incident response and forensic tools (e.g., CrowdStrike, Splunk, Wireshark, Volatility) from actual investigations, with scripting skills (e.g., Python, PowerShell) to automate tasks or dig deeper into incidents as a plus.
- Regulatory Savvy: Experience aligning incident response with compliance needs (e.g., SOC 2, GDPR, NIST) in a pragmatic way—knowing what matters in practice.
- Crisis Leadership: Evidence of leading teams through tough incidents or drills, coordinating with IT, ops, or execs under pressure, and mentoring others by example.
- Certifications (Optional): While not required, certifications like GCIH, GCFA, CISSP, or Azure Security Engineer Associate are a bonus if they complement proven expertise.
The pay range for this role is between $120,000 and $160,000 (base). Individual compensation packages are based on various factors unique to each candidate, including skill set, experience, qualifications, location, and other job-related reasons. Stream Data Centers offers an annual bonus, benefits, flexible time off (vacation), 401k and a variety of other perks and benefits.
_________________________________________________________________________
Stream is an equal-opportunity employer and does not discriminate on the basis of ethnicity, race, religion, sex, age, national origin, disability, military status, or any other reason prohibited by law. Note: Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
If you need any assistance or an accommodation throughout the interview process due to a disability, you may contact us at accommodations@stream-dc.com.