Cybersecurity Incident Response Engineer, Mid

Position Overview

The Cybersecurity Incident Response Engineer, Mid supports the detection, containment, and recovery of cybersecurity incidents across enterprise networks and mission-critical systems in a highly regulated government environment. This role contributes to developing and executing response strategies, including automation, scripting, and playbooks, to enhance the speed and consistency of security operations.

The engineer performs detailed technical analysis, coordinates with cross-functional teams to isolate affected systems, and helps implement proactive cybersecurity countermeasures. This includes contributing to advanced defensive initiatives, improving detection logic, and strengthening SOC capabilities to protect the organization against evolving and increasingly complex adversary tactics. The position also supports forensic investigations, documentation, regulatory alignment, and continuous improvement of incident response processes.

Key Responsibilities

• Conduct technical analysis of security events and incidents using SIEM, IDS/IPS, EDR, and related tools to identify attack vectors, affected assets, and potential data exposure.
• Develop and refine incident response runbooks and automation workflows that standardize triage, containment, and eradication steps for common attack scenarios.
• Coordinate system and network isolation strategies with infrastructure and application teams to contain threats while preserving evidence and minimizing operational disruption.
• Support proactive defensive engineering initiatives, including tuning detections, building automated countermeasures, and contributing to programs designed to defend against sophisticated adversaries.
• Perform host and network forensics, including log review, basic memory and disk analysis, and artifact collection to support root cause analysis and potential legal or compliance needs.
• Map observed adversary behavior to structured frameworks such as MITRE ATT&CK to understand attacker tactics, techniques, and procedures and to recommend targeted detection improvements.
• Ensure incident handling practices are aligned with data security best practices and applicable government security policies, supporting auditability and regulatory compliance.
• Produce clear incident documentation, timelines, and lessons learned that feed into security awareness, control hardening, and process improvements.

Required Qualifications

• Assumption: Typically 4-7 years of hands-on experience in cybersecurity operations and incident response across enterprise environments.
• Bachelor's degree in IT, Cybersecurity, Computer Science, or a related field, or equivalent work experience.
• Demonstrated experience with incident response tools and platforms such as SIEM, IDS/IPS, and EDR in enterprise environments.
• Strong understanding of incident response principles, containment and eradication techniques, and data security best practices.
• Proven analytical and problem-solving ability with strong written and verbal communication skills.

Preferred Qualifications

• Demonstrated leadership of ITIL-based major incident processes in large enterprises, including executive and customer-facing communications.
• Strong experience with enterprise incident management tools and service management platforms integrated with SOC and cyber defense functions.
• Certifications such as ITIL Foundation plus advanced cybersecurity or incident response credentials evidencing both service management and deep technical capability.
• At least one cybersecurity-related professional certification - or the ability to obtain one within one year of hire - such as Security+, CySA+, CEH, GSEC, GCIA, GCIH, or an equivalent industry-recognized credential.

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.