Job Details
Looking for someone on W2.
As a Senior Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC), you will serve as a key technical expert, responsible for responding to sophisticated cyber threats, leading incident investigations, & strengthening the organization's cybersecurity posture. This role requires a combination of hands-on technical expertise & mentoring skills to drive effective threat detection, rapid incident response, & continuous improvements in SOC operations.
Key Responsibilities
Analyze & respond to complex security incidents & alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS).
Investigate & resolve escalated incidents from Level 1 & Level 2 analysts, ensuring timely containment & remediation.
Lead end-to-end investigations involving malware infections, data breaches, insider threats, & other advanced attacks.
Conduct digital forensics to collect, analyze, & preserve evidence in compliance with legal & regulatory standards.
Produce detailed incident reports including root cause analysis & actionable recommendations.
Leverage threat intelligence to identify indicators of compromise (IOCs) & anticipate emerging threats.
Mentor & guide junior SOC analysts to promote knowledge-sharing & professional development.
Collaborate with IT, security, & business stakeholders to implement & refine security controls.
Drive continuous improvement of SOC workflows, tools, & technologies for enhanced operational effectiveness.
Identify gaps in detection & response capabilities & provide strategic recommendations for improvement.
Required Qualifications
Bachelor's degree in Computer Science, Information Security, or a related technical discipline.
Minimum of 5 years of experience in cybersecurity with at least 3 years supporting cyber defense operations in large enterprise environments (SOC, SIRT, or CSIRT).
Strong understanding of Advanced Persistent Threats (APT), cybercrime, & hacktivist tactics, techniques, & procedures (TTPs).
Proficient in incident handling, threat lifecycle management, & root cause analysis.
Deep knowledge of operating systems (Windows, Linux, macOS), network & application layer protocols.
Hands-on experience with SIEM tools, EDR platforms, IDS/IPS, sandboxing solutions, & email security technologies.
Experience in scripting (e.g., PowerShell, Python, Perl) for automation & investigation tasks.
Familiarity with MITRE ATT&CK, NIST Framework, Cyber Kill Chain, & SANS CSC frameworks.
Understanding of modern cryptographic systems & network security architectures.
Ability to analyze & triage alerts, develop detection content, & implement countermeasures.
Strong analytical, technical writing, & communication skills for both technical & executive audiences.