
Job Description

Company Description

Freshworks makes it fast and easy for businesses to delight their customers and employees. We do this by taking a fresh approach to building and delivering software that is affordable, quick to implement, and designed for the end user. Headquartered in San Mateo, California, Freshworks has a global team operating from 13 global locations to serve more than 65,000 companies, from startups to public companies, that rely on Freshworks software-as-a-service to enable a better customer experience (CRM, CX) and employee experience (ITSM).
Freshworks’ cloud-based software suite includes Freshdesk (omni-channel customer support), Freshsales (sales automation), Freshmarketer (marketing automation), Freshservice (IT service desk), Freshchat (AI-powered bots), supported by Neo, our underlying platform of shared services.
Freshworks is featured in global national press including CNBC, Forbes, Fortune, Bloomberg and has been a BuiltIn Best Place to work in San Francisco and Denver for the last 3 years. Our customer ratings have earned Freshworks products TrustRadius Top Rated Software ratings and G2 Best of Awards for Best Feature Set, Best Value for the Price and Best Relationship.



Job Description

The Manager - Incident Response will lead the cybersecurity incident response function for a high-growth SaaS organization, ensuring rapid detection, investigation, containment, and remediation of security incidents. This role demands deep technical expertise to analyze complex threats, strong leadership and communication skills to collaborate across IT and security teams, and the ability to drive continuous improvement in incident response capabilities.


As a critical leader in the security organization, the Senior Manager will work closely with SOC, Threat Intelligence, Security Engineering, DevOps, IT, and Compliance teams to enhance the organization’s security posture against evolving threats.


Incident Response Leadership & Management


  • Lead and manage the end-to-end cybersecurity incident response process, ensuring rapid detection, triage, containment, eradication, and recovery.


  • Develop and optimize incident response playbooks, ensuring alignment with industry best practices (e.g., NIST 800-61, MITRE ATT&CK).


  • Establish incident severity classifications, escalation procedures, and communication workflows to ensure timely and effective response.


  • Oversee digital forensics and root cause analysis to determine the nature and impact of security incidents.


  • Maintain and test incident response plans (IRPs) through tabletop exercises and red/blue team assessments.


Cross-Team Collaboration & Communication


  • Work closely with IT, DevOps, CloudOps, and Security Engineering teams to contain and remediate security incidents effectively.


  • Partner with Compliance & Legal teams to ensure regulatory requirements (SOC 2, ISO 27001, GDPR, HIPAA, etc.) are met in incident response processes.


  • Provide clear and concise reporting on incidents, root causes, and corrective actions for executive leadership.


  • Lead post-incident reviews and drive continuous improvements across security processes.


Security Awareness & Continuous Improvement


  • Drive security awareness training on incident response best practices for IT and DevSecOps teams.


  • Develop and maintain incident response metrics and KPIs to measure program effectiveness.


  • Stay ahead of emerging attack techniques and implement advanced security automation and orchestration to improve response speed.


  • Advocate for Zero Trust principles and secure-by-design approaches within the SaaS ecosystem.



Qualifications

Education & Experience


  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or a related field.


  • 8+ years of experience in cybersecurity, including 4+ years in incident response, SOC operations, or threat intelligence roles.


  • Strong experience in SaaS, Cloud Security, or Tech-driven organizations handling large-scale security incidents.


Technical Expertise


  • Expertise in digital forensics, malware analysis, log analysis, and network security monitoring.


  • Hands-on experience with SIEM (Splunk, Sentinel), EDR/XDR (CrowdStrike, SentinelOne, Microsoft Defender), and forensic tools (Volatility, Wireshark, Autopsy, etc.).


  • Deep understanding of MITRE ATT&CK, cyber kill chain, and adversarial tactics.


  • Proficiency in scripting and automation (Python, PowerShell, Bash) to enhance IR capabilities.


  • Strong knowledge of cloud security (AWS, Azure, GCP) and securing containerized workloads.


Soft Skills & Leadership


  • Strong leadership, problem-solving, and decision-making abilities under high-pressure situations.


  • Excellent communication and interpersonal skills to work effectively across diverse teams.


  • Ability to present technical findings to non-technical stakeholders, including executive leadership.


Certifications (Preferred but Not Mandatory)


  • CISSP, CISM, GCFA, GCIH, GNFA, OSCP, AWS Security Specialty, or equivalent certifications.


  • Strong preference for GCTI (GIAC Cyber Threat Intelligence) or SANS Incident Handling certifications.


  • Experience working in highly regulated environments (SOC 2, ISO 27001, PCI-DSS, GDPR, HIPAA, etc.).


  • Familiarity with SOAR (Security Orchestration, Automation, and Response) platforms for automating incident response.


  • Hands-on experience with threat modeling and attack simulation tools.


Technical Deep-Dive & Threat Hunting


  • Conduct in-depth analysis of logs, network traffic, malware samples, and system behaviors to identify root causes of security incidents.


  • Utilize SIEM, XDR, EDR, forensic tools, and threat intelligence platforms to investigate security breaches and threats.


  • Collaborate with Threat Intelligence and SOC teams to proactively hunt for threats and adversary tactics within the environment.


  • Guide vulnerability exploitation analysis to determine how security gaps were leveraged in incidents.



Additional Information

At Freshworks, we are creating a global workplace that enables everyone to find their true potential, purpose, and passion irrespective of their background, gender, race, sexual orientation, religion and ethnicity. We are committed to providing equal opportunity for all and believe that diversity in the workplace creates a more vibrant, richer work environment that advances the goals of our employees, communities and the business.




