Job Details
Need on W2
Shift Time: 2:00 PM to 10:30 PM EST
Need Permanent residence (USC) who can work on W2
Position Overview
As a Sr. Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC), you will play a critical role in protecting the Volvo Group's global infrastructure. In this hands-on technical position, you'll manage & respond to advanced cyber threats, lead complex investigations, & help shape our security posture through continuous improvement. You'll also mentor junior analysts, foster knowledge sharing, & collaborate cross-functionally to strengthen our overall threat detection & response capabilities.
What You'll Do
Lead the analysis & response for complex security incidents & alerts using SOC tools such as SIEM, EDR, & IDS/IPS.
Investigate escalated incidents from Level 1 & Level 2 analysts, ensuring swift containment, eradication, & recovery.
Conduct end-to-end investigations of cybersecurity incidents, including malware outbreaks, data breaches, insider threats, & targeted intrusions.
Perform digital forensics, preserving & analyzing evidence in support of legal, compliance, & regulatory requirements.
Produce detailed incident reports with root cause analysis, lessons learned, & actionable remediation steps.
Leverage threat intelligence to identify indicators of compromise (IOCs) & apply them to strengthen detection & prevention.
Guide, mentor, & train junior SOC analysts, promoting skill development & a collaborative team culture.
Partner with IT, security engineering, & business stakeholders to improve security controls & processes.
Continuously assess SOC tools, workflows, & detection capabilities, recommending enhancements to increase efficiency & resilience.
Identify gaps in threat detection & response, & help define requirements for new tools, signatures, or processes.
What You'll Bring
Bachelor's degree in Computer Science, Information Security, or a related technical discipline.
7+ years of experience supporting cyber defense operations in complex enterprise environments.
Proven track record in SOC, SIRT, or CSIRT roles managing high-severity incidents.
One or more relevant certifications (e.g., GCIH, GCIA, CISSP, GIAC Certified Intrusion Analyst).
Deep expertise in threat actor tactics, techniques, & procedures (TTPs), including APT, cybercrime, & hacktivist campaigns.
Advanced knowledge of cybersecurity frameworks & methodologies such as the Cyber Kill Chain, MITRE ATT&CK, NIST, & SANS CSC.
Proficiency in digital forensics, malware analysis, & evidence preservation.
Strong understanding of Windows, Linux, & MacOS operating systems, as well as core network & application protocols.
Hands-on scripting experience (e.g., PowerShell, Python, Perl) to automate investigative tasks.
Experience tuning & managing SIEM rules, IDS/IPS signatures, EDR platforms, & other security controls.
Familiarity with modern cryptography, authentication, & authorization mechanisms.
Strong analytical & problem-solving skills with the ability to distinguish true positives from false positives quickly.
Ability to write clear technical documentation, stakeholder updates, & executive-level briefings.
Preferred Qualifications
Experience leading initiatives in a large, global Cybersecurity Operations Center.
Proven background in intelligence-driven detection, threat hunting, OT security, & advanced threat modeling.
Process management experience within SOC environments, including playbook development & continuous improvement initiatives.
Certifications such as Linux+, CCNA, CCNP, or additional GIAC credentials are highly desirable.
Strong ability to translate complex technical concepts into clear communication for business leaders, stakeholders, & technical teams.
Knowledge of vulnerability management practices & secure network design principles.