Job Description: Cyber Defense Incident Responder, Senior (L3)
Key responsibilities/Accountabilities
As a Senior Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC) you will play a crucial role as a key technical expert responsible for managing and responding to advanced cyber threats, conducting in-depth investigations, and supporting the overall security posture of the client. This role combines hands-on technical expertise with mentoring responsibilities, ensuring effective threat detection, incident response, and continuous improvement of SOC capabilities. What you will do:
- Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS)
- Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation
- Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats
- Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements
- Provide incident reports with detailed root cause analyses and actionable recommendations
- Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization
- Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge-sharing
- Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls
- Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness
- Identify gaps in detection and response capabilities and recommend improvements to SOC leadership
Required Qualifications:
- Bachelor's degree in Computer Science or a related 4-year technical degree
- Minimum 7 years of experience supporting cyber defense operations in highly complex enterprise networks, in SOC, SIRT, or CSIRT capacities
- One or more of the following certifications: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), CISSP
- Experience in an enterprise cybersecurity environment investigating targeted intrusions across complex network segments
- Expert understanding of Advanced Persistent Threat (APT), cybercrime, and hacktivist tactics, techniques, and procedures (TTPs)
- Subject matter expert in cybersecurity principles, threat lifecycle management, and incident management
- Comprehensive knowledge of various operating systems (Windows, OS X, Linux), network protocols, and application-layer protocols
- Demonstrable experience in scripting languages (may include PowerShell, Python, Perl, etc.)
- Understanding of the Cyber Kill Chain methodology, the NIST framework, the MITRE ATT&CK framework, and the SANS Critical Security Controls
- Working knowledge of modern cryptographic algorithms and systems
- Experience working with and tuning signatures, rules, and security technologies (IDS/IPS, SIEM, sandboxing tools, EDR, email security platforms, user behavior analytics)
- Network design knowledge, including security architecture
- Strong analytical and technical skills in network defense operations, including experience with incident handling (detection, analysis, triage)
- Conceptual understanding of cyber threat hunting
- Prior experience and ability in analyzing cybersecurity events to determine true positives and false positives, including cybersecurity alert triage, incident investigation, implementing countermeasures, and managing incident response
- Previous experience with SIEM platforms and log aggregation systems that perform collection, analysis, correlation, and alerting
- Ability to develop rules, filters, views, signatures, and countermeasures for cyber defense platforms, and to support the continual improvement of analysis and detection
- Knowledge of new and emerging cybersecurity technologies
- Ability to create technical documents as well as stakeholder sitreps and briefing documents
Preferred Qualifications:
- Deep Cybersecurity Operations Center experience in the following: intelligence-driven detection, security principles, threat lifecycle management, incident management, digital forensics and investigations, network monitoring, endpoint monitoring, OT security principles
- CSOC process management experience, including process and procedure management, CSOC initiative management, and continual operational improvement
- Preferred certifications: CISSP, GCIH, GCIA, Linux+, CCNA, CCNP
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and key stakeholders as well as to technical teams and SMEs
- Demonstrated knowledge of cyber defense policies, procedures, and regulations
- Knowledge of cyber vulnerability management processes
- Knowledge of common user and system authentication and authorization mechanisms