For further inquiries regarding the following opportunity, please contact our Talent Specialist, Ragu at
Title: Cybersecurity Incident Responder - Hybrid
Location: St. Paul, MN
Duration: 12 Months
Schedule: 8:00 AM - 5:00 PM
(Hybrid – 4 Days Onsite)
Only W2 candidates are eligible for this position. Third-party or C2C candidates will not be considered
Job Description:
We are seeking a Cybersecurity Incident Responder with strong experience in SOC operations analyst and incident response. The ideal candidate will collaborate with multiple IT teams, communicate effectively with stakeholders at all levels, and maintain accurate incident documentation.
Primary Job Function
- Responsible for investigating, analyzing, and responding to security incidents across the organization’s environment.
- Leads or executes complex incident response activities, adapts standard procedures to evolving threats.
- Plays a critical role in protecting the organization’s technology assets by identifying, analyzing, and responding to cybersecurity threats that may result in unauthorized access, misuse, or disruption of services.
Core Job Responsibilities
- Monitor security alerts and events from various tools (SIEM, EDR, IDS/IPS, etc.) to identify potential incidents.
- Perform triage, correlation, and in-depth analysis of security events, including indicators of compromise (IOCs), malware activity, phishing attempts, and suspicious network behavior.
- Conduct forensic analysis on systems, networks, and endpoints to determine root cause and scope of incidents.
- Develop and implement response strategies to mitigate immediate threats and prevent recurrence.
- Support the implementation, tuning, and monitoring of security tools such as SIEM, EDR, firewalls, and intrusion detection systems.
- Ensure security controls are effectively detecting and preventing malicious activity.
- Validate and enhance alerting mechanisms to reduce false positives and improve detection accuracy.
- Document incidents thoroughly, including timelines, impact assessments, and remediation actions.
Required Skills
- Experience working in a SOC (Security Operations Center) environment.
- Hands-on expertise with:
- Splunk
- SentinelOne
- XSOAR or Proofpoint
- Strong communication and documentation skills.
- Ability to collaborate with cross-functional IT teams.
Preferred Skills
- Threat hunting experience (plus).
- Scripting knowledge (Plus).
- Experience supporting Medical or Pharmaceutical environments (preferred, not required).
- Ability to communicate effectively with employees across all organizational levels.
Position Accountability & Scope
- Accountable for timely detection, analysis, and response to cybersecurity incidents to minimize organizational risk and business disruption.
- Works under moderate supervision but exercises independent judgment when handling incidents and escalating issues.
- Responsible for maintaining the confidentiality, integrity, and availability of organizational systems and data.
- Collaborates cross-functionally with IT, network, security engineering, and business teams during incident response activities.
- Contributes to continuous improvement of incident response processes, playbooks, and detection capabilities.
- Ensures compliance with internal security policies, standards, and regulatory requirements.
Minimum Experience/Training
- 3 years of technical experience in a Security Operations Center (SOC), incident response, or cybersecurity-related role.
- Demonstrated experience with security monitoring and investigation tools (e.g., SIEM such as Splunk, EDR platforms, email security tools).
- Strong understanding of network protocols, operating systems, enterprise security controls and frameworks such as MITRE ATT&CK.
Minimum Education
- Bachelor's degree in Information Technology or similar area; or equivalent work experience.
Interview Process
- Round 1: Virtual Interview
- Round 2: In-Person Interview at Client Location
Never miss an opportunity! Create an alert based on the job you applied for.
