Manager, Incident Response, Security Consulting, Mandiant, Google Cloud
Google California, USA; United States Remote eligible
Application window open until at least March 25, 2026. This opportunity remains online based on business needs, which may be before or after the specified date.
The location for this remote role is: Remote locations: California, USA; United States.
• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, related technical fields, or equivalent practical experience.
• 8 years of experience leading incident response investigations, analysis, and containment actions.
• 8 years of experience with network forensics, malware triage analysis, cloud forensics, or disk and memory forensics.
• 2 years of experience with people management.
• Ability to travel 30% of the time domestically or internationally.
Preferred qualifications
• Certifications in cloud platforms.
• Experience in security participants, Capture the Flag (CTFs) or testing platforms such as Hack The Box, TryHackMe, OverTheWire, etc.
• Ability to communicate investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients.
• Excellent time and project management skills.
About the job
As part of a customer-focused team of Incident Response Consultants, you will be trained to investigate, contain, and recover from data security incidents, delivering white‑glove service and helping customers navigate technically high‑profile incidents.
In this role, you will help clients effectively prepare for, proactively mitigate, and detect and respond to cyber‑security threats, applying knowledge of computer science, operating system functionality, networking, cloud services, and corporate network environments to tackle security threats.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence, and incident response services. The US base salary range for this full‑time position is $168,000–$244,000 plus bonus, equity, and benefits.
Responsibilities
• Lead client‑facing incident response engagements, examining cloud, endpoint, and network‑based evidence sources.
• Collaborate with internal and customer teams to investigate and contain incidents.
• Identify and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) for current and future investigations.
• Execute host forensics, network forensics, log analysis, and malware triage to support incident response investigations.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents‑to‑be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
English proficiency is a requirement for all roles unless stated otherwise.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.