We’ve signed up for an ambitious journey. Join us!

As Arrive, we guide customers and communities towards brighter futures and more livable cities, it isn’t a challenge just anyone could take on. Luckily, we have something to help us make it happen. Our people and our values. We Arrive Curious, Focused and Together.

Just as our entire brand is inspired by the North Star, the shining light leading travelers to their destinations since time began, our values guide us. They help us be at our best. For our customers. For the cities and communities we serve. For ourselves. As a global team, we are transforming urban mobility. Let’s grow better together.

Role Summary

The Incident Response (IR) Lead is accountable for leading and maturing the organization’s detection and response capability, ensuring efficient execution of incident handling, investigation, and recovery activities across Arrive. This role combines operational leadership with strategic oversight, ensuring the IR function remains resilient, scalable, and aligned with the evolving threat landscape.

The IR Lead drives day-to-day operations while shaping long-term improvements in processes, tooling, and methodologies. This includes ensuring incidents are identified, triaged, and resolved in a timely and structured manner, while continuously enhancing detection logic and response playbooks based on lessons learned.

This role requires a strong leader who can operate at both technical and strategic levels, bridging security operations with business priorities. The IR Lead is expected to translate incident insights into actionable improvements, strengthen cross-functional collaboration, and provide clear, risk-based communication to stakeholders, including senior leadership.

Reporting to the Sr. Director of Security Operations, the IR Lead plays a central role in strengthening organizational cyber resilience and ensuring a coordinated, intelligence-driven response capability.

Your Mission

To lead and mature Arrive's Incident Response capability, ensuring the efficient handling of security incidents while strengthening overall organizational cyber resilience.

Key Responsibilities

Security Monitoring & Incident Response

• Own and lead the Incident Response function, including strategy, governance, and operational execution.

• Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities.

• Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption.

• Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures.

• Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making.

• Collaborate with internal teams and external partners to ensure seamless incident management.

Leadership & Team Management

• Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning.

• Support crisis management activities, including participation in tabletop exercises and real-world incident coordination.

• Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling.

Detection Strategy:

• Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness.

• Threat Intelligence & Hunting: Proactively hunt for threats and integrate intelligence to anticipate attacks.

• Develop and refine detection content and rules (e.g., SIEM, EDR) to map against adversary tactics.

• Identify gaps in current capabilities and lead initiatives to enhance tooling, automation, and operational maturity.

MSSP and Security Partners’ Collaboration

• Build and maintain a strong collaboration with all are strategic MSSP and security vendors to enhance security operations and fully utilise available resources and expertise.

Reporting & Communication:

• Produce and present executive-level reporting, including incident trends, root cause analysis, and business impact assessments.

• Develop and maintain a repeatable incident orchestration standard to regular security incident tickets.

Required Qualifications and Experience

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related discipline - a plus.

• 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions.

• Demonstrated experience leading and managing IR or SOC teams in complex environments.

• Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs).

• Relevant certifications such as GCIH, GCFA, GSOM, or equivalent industry-recognized credentials - a plus.

• Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure.

• Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders.

• Experience developing and operationalizing playbooks, detection use cases, and response frameworks.

• Strong analytical and problem-solving capabilities, with attention to detail under pressure.

• Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities.

• Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement.

• Excellent written and verbal communication skills, including experience delivering executive briefings.

• Leadership: Strong leadership, communication (both written and verbal), and decision-making capabilities under pressure. Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement.

Department

Technology

Locations

Łódź, Stockholm, London

Remote status

Hybrid

Employment type

Full-time