
Technical Head of Incident Command at Spearbit

Location: Remote USA

We are seeking a seasoned security leader to architect and lead our Incident Response & Intelligence program. This role sits at the intersection of cybersecurity, operational readiness, and blockchain-native risk mitigation. The ideal candidate will bring deep Web2 threat intelligence experience, operational leadership in cyber defense, and native fluency in the Web3 threat landscape.

Key Responsibilities

Security Readiness Program Development
- Own and evolve the Surface, Structure, and Stress framework, including threat modeling, IR playbook design, and simulation-based preparedness.
- Develop repeatable, scalable security procedures for client-facing incident readiness engagements.
- Translate technical insights and war room lessons into improved policy, structure, and training across the organization.

Incident Response Strategy & Oversight
- Define and refine processes for live incident triage, war room escalation, and severity classification.
- Design internal workflows between Tier 1 (pausing, triage) and Tier 2 (analysis, coordination) teams.
- Lead the IR integration track during onboarding of clients into Shield and Signal programs.
- Serve as the escalation point and architect for high-severity playbooks, but not the active incident operator.

Training & Simulation Leadership
- Lead the development and delivery of tabletop simulations and live drills.
- Manage a technical team responsible for readiness training and ongoing improvement of IR capabilities.
- Build technical enablement materials and maintain consistency in how we train across verticals and client types.

Cross-Functional Alignment
- Work closely with security researchers, account managers, and protocol engineering teams to ensure IR preparedness.
- Collaborate with Product and Delivery teams to embed IR best practices into client-facing services.
- Interface with external partners (e.g., monitoring vendors, threat intel providers) to align tooling and escalation workflows.

Requirements
- 10+ years in cybersecurity, incident response, or security strategy, with at least 3 years of Web3 experience required.
- Demonstrated experience building and operationalizing security programs - not just responding to incidents.
- Strong knowledge of DeFi-specific threats, smart contracts, multisig architecture, and exploit response flows.
- Proven ability to manage cross-functional teams and lead complex technical planning processes.
- Excellent communication and documentation skills - you will be writing playbooks and leading simulations.

Bonus Qualifications
- Military or government intelligence background.
- Experience designing tabletop simulations or red/blue team exercises.
- Familiarity with pauser integration, monitoring tools (e.g., Hexagate, Forta), or distributed multisig signing flows.
- Has worked with protocol teams or DAOs in a security leadership capacity.

What Success Looks Like
- A mature, repeatable incident readiness program deployed across all key clients and verticals.
- All Tier 1 and Tier 2 analysts operate under a shared escalation model you’ve designed and trained.
- Clients onboarded through Surface/Structure/Stress are measurably more prepared and capable.
- Internal delivery teams feel confident operating under pressure, with clearly defined response roles.

What We Offer
- Access to cutting-edge projects and deeply technical reviews
- Compensation at the top end of the market
- Collaboration with the best researchers + projects in the industry