Join the team leading the next evolution of virtual care. At Teladoc Health, you are empowered to bring your true self to work while helping millions of people live their healthiest lives. Here you will be part of a high-performance culture where colleagues embrace challenges, drive transformative solutions, and create opportunities for growth. Together, we're transforming how better health happens.

Summary of Position

Teladoc Health is seeking an experienced Cyber Incident Response Lead to spearhead our organization's efforts in responding to cybersecurity incidents. This role will lead complex incident investigations, coordinate cross-functional response efforts during security events, drive containment/eradication/recovery activities, and continuously improve the incident response program. This position combines hands-on technical response leadership with strategic oversight, stakeholder communication (including executive-level), and mentorship of analysts/engineers. You will serve as a key escalation point for high-severity incidents and help shape the organization's resilience against evolving threats (ransomware, supply-chain attacks, nation-state actors, etc.).

Essential Duties and Responsibilities

You will lead end-to-end incident response activities, from initial triage and containment through eradication, recovery, and post-incident review. You'll develop and continuously improve incident response playbooks, runbooks, and standard operating procedures, ensuring the team is prepared for a wide range of threat scenarios. During active incidents, you'll serve as the primary point of coordination between technical teams, senior leadership, legal, and communications stakeholders. Beyond incident management, you'll conduct threat hunting exercises and proactive analysis to identify indicators of compromise before they escalate.
You'll mentor and develop junior analysts, conduct tabletop exercises and simulations, and track lessons learned to drive meaningful improvements to our security posture. You will also manage relationships with external forensics firms, law enforcement, and industry threat-sharing groups as needed.

Qualifications Expected for Position

* 7+ years of experience in cybersecurity, with at least 5 years in an incident response or SOC lead capacity
* Deep hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel), EDR tools, and network forensics
* Strong understanding of attacker tactics, techniques, and procedures (TTPs) as mapped to the MITRE ATT&CK framework
* Proficiency in digital forensics, malware triage, and log analysis across Windows, Linux, and cloud environments
* Experience leading response efforts for major incident types including ransomware, data exfiltration, BEC, and insider threats
* Excellent communication skills - able to translate technical findings into clear, executive-level briefings
* Relevant certifications such as GCIH, GCFE, GCFA, CISSP, or equivalent

Preferred Qualifications

* Experience with cloud security incidents across AWS and Azure.
* Familiarity with regulatory and legal considerations (e.g., HIPAA, PCI-DSS breach notification requirements)
* Prior experience in regulated industries (finance, healthcare, critical infrastructure) or supporting executive-level communications during breaches.
* Experience leading small-to-medium IR teams or acting as primary incident commander.

The base salary range for this position is $160,000 - $170,000. In addition to a base salary, this position is eligible for a performance bonus and benefits (subject to eligibility requirements) listed here: Teladoc Health Benefits 2026. Total compensation is based on several factors including, but not limited to, type of position, location, education level, work experience, and certifications. This information is applicable for all full-time positions.
We follow a Flexible Vacati