Lead and support end-to-end incident response activities, including detection, analysis, containment, eradication, and recovery
Monitor, investigate, and correlate security alerts using SIEM, EDR, and forensic tools
Perform digital forensic investigations across endpoints, servers, cloud, and network environments
Triage and escalate security events in accordance with established incident response procedures
Develop, maintain, and continuously improve incident response playbooks, SOPs, and workflows
Improve alert quality and response effectiveness through root cause analysis and post-incident reviews
Partner with IT, Legal, Compliance, Privacy, and Risk teams during security incidents
Support regulatory, legal, and client-driven incident response and reporting requirements
Participate in and facilitate incident response tabletop exercises and simulations
Contribute to the design and enhancement of detection, logging, and monitoring capabilities
Provide technical guidance and mentorship to junior analysts and security team members

1+ years of experience in cybersecurity, incident response, or security operations
Hands-on experience responding to security incidents in enterprise environments
Strong ability to analyze security events and perform technical investigations
Working knowledge of TCP/IP, DNS, HTTP/S, VPNs, firewalls, and proxy technologies
Windows and Linux operating systems
Identity and access systems and authentication mechanisms
Experience using SIEM and security platforms such as Splunk, Microsoft Sentinel, QRadar, ArcSight, ELK, or similar
Ability to identify and respond to phishing and business email compromise, malware and ransomware, credential compromise, lateral movement, and persistence mechanisms, brute-force and privilege escalation attacks
Strong written and verbal communication skills
Demonstrated ability to follow structured processes while continuously improving them.

Cybersecurity Engineer – Incident Response, Threat Detection

Similar Jobs