Incident Response Engineer

Hybrid in Billerica, MA, US • Posted 4 days ago • Updated 4 days ago
Full Time
No Travel Required
Hybrid
Depends on Experience

Job Details

Skills

  • Analytical Skill
  • Cloud Security
  • Cyber Security
  • Microsoft Azure
  • Microsoft
  • Network Security
  • Software Security
  • TCP/IP

Summary

Job Description:

Title: Incident Response Engineer II
Location: Billerica, MA (Hybrid)
Duration: Full Time

WHAT YOU’LL DO:
  • As an SME, you will be responsible for leading incidents, investigations, and security initiatives
  • Act as a security multiplier to help scale security incident response
  • Prepare post-mortem reports of incidents and present findings to the broader team
  • Create and maintain runbooks to ensure smooth handling of all security incidents
  • Lead and participate in incident response tabletop exercises to validate and improve existing processes and procedures and train others on their roles and responsibilities during an incident
  • Monitor and analyze security logs, using KQL queries in Microsoft Sentinel, to identify potential security breaches
  • Build, refine, and maintain analytic rules, workbooks, hunting queries, and dashboards in Microsoft Sentinel to enhance detection and response capabilities
  • Automate incident response and enrichment processes using Logic Apps, automation rules, and playbooks in Sentinel
  • Assess vulnerabilities within the environment, conduct risk-based prioritization of vulnerabilities, and assist in remediation
  • Lead and coordinate responses to cyber threats, including incidents identified in Microsoft Defender for Endpoint
  • Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations
  • Provide security engineering solutions and support during customer-facing incidents, proactively considering prevention of similar incidents in the future
  • Assist in the development of pragmatic solutions that meet business requirements while maintaining an acceptable level of risk
  • Identify and recommend solutions that improve or expand incident response capabilities
  • Work alongside Information Security and Infrastructure Operations engineers to improve security, reduce risk, and rapidly address incidents
  • Evaluate the impact of current security trends, advisories, publications, and academic research, coordinating responses as necessary across affected teams
  • Stay current with the rapidly changing threat landscape, continuously improving detection and response methods
  • Participate in an on-call rotation
  • Other duties as needed

PREFERRED QUALIFICATIONS:

  • Microsoft and Network administration coursework and/or certifications are preferred
  • Knowledge of TCP/IP networking
  • Hands-on working experience with Microsoft Cloud Security, O365, Microsoft Sentinel, Azure AD, Azure Identities and governance, Identity and Access Management, Azure Information Protection, Microsoft Cloud App Security, MS Defender, and Endpoint Security
  • Relevant industry certifications from SANS, ISC2, Microsoft Security, or similar
EXPECTATIONS, COMPETENCIES, SKILLS & ABILITIES:

  • Expertise with Microsoft Sentinel (SIEM/SOAR) including advanced KQL query writing, rule creation, and custom dashboards
  • Hands-on experience with Microsoft Defender for Endpoint for endpoint detection and response
  • Proficiency in incident automation, including design and implementation of Logic Apps playbooks for triage, enrichment, and response
  • Experience with vulnerability management solutions, SIEM solutions, and endpoint technologies such as CrowdStrike and other industry-leading tools
  • Understanding of best practices in security engineering, including secure development, network security, security operations, systems security, and incident response
  • Technical depth in one or more specialties including: application security, infrastructure security, digital forensics, malware analysis, threat hunting, or some combination thereof
  • Strong understanding of security vulnerabilities, attacker exploit techniques, and methods for their remediation
  • Experience with common security monitoring, log analysis, and forensic tools
  • Ability to work with a high degree of autonomy
  • Scripting skills (e.g., KQL, Python, PowerShell, Bash, etc.) for automation and integration of security tools
  • Dedicated and passionate about cybersecurity technologies, constantly learning and evolving with current hacking techniques, cybercrime tactics, and industry trends
  • Strong interpersonal and communication skills for coordinating responses to sophisticated incidents across the organization with both technical and non-technical stakeholders
  • Technical security background and understanding of network fundamentals and common Internet protocols
  • Experience triaging and developing security alerts, building automation pipelines, conducting front-line analysis, and providing escalation support
  • Employee may be required to lift and/or move objects up to 50 pounds
  • Night or weekend work as needed

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

  • Dice Id: 91126494
  • Position Id: 8903736

Company Info

About Trigent Software, Inc.

Trigent is a global leader in software solutions, headquartered in Southborough, MA, with development centers in Boston and Bangalore. As an ISO 9001:2008 certified company, Trigent provides proven results to global Independent Software Vendors (ISVs), Fortune 500 enterprises and SMBs in the High Tech, Healthcare, Education, E-Commerce and Manufacturing businesses. Founded in 1995, Trigent has been consistently recognized for its breakthrough solutions, strategic insights and execution excellence. Trigent provides offshore software development, outsourced product development, web and custom application development, product engineering, mobile application development and testing services, SharePoint consulting, cloud, SaaS, system integration, legacy system migration, software quality assurance and testing, AS/400, and technical support services from its offshore development center in Bangalore. Trigent’s mission is to enable customers to overcome limits of competitiveness, productivity, technology complexity, time, and budget constraints through offshore software development and outsourced product engineering. Visit www.trigent.com for more information on our IT consulting services.
