Expert (Staff) Cyber Risk Management Engineer

NO SPONSORSHIP - NO OPT

Expert (Staff) Cyber Risk Management Engineer

SALARY: $200k - $230k-$250k plus 20% bonus

LOCATION: Remote except: Alaska, ND, Nebraska, HI, OK, VT, Maine, WV, NH, WY, Puerto Rico, DC

Looking for an expert in incident response handling complex incidents out of an enterprise environment. Intelligence driven detection pipeline. Purple team, incident, on call rotation, analyze security alerts, SIEM, EDR, IDS/IPS logs.

As a member of the Cyber Risk Management team, you will be responsible for handling complex security incidents as an Incident Commander, building detections and detection frameworks, collaborating with cross functional peers, and helping to drive our overall security strategy.

Responsibilities

• Act as the Incident Commander for critical security events as part of our on-call rotation.
• Foster a culture of learning through blameless post-mortems to drive measurable improvements in both processes and tooling.
• Analyze security alerts and data from various sources (SIEM, EDR, IDS/IPS, logs) to identify and investigate sophisticated threats.
• Lead tabletop exercises and IR simulations to a variety of audiences in order to test and refine incident response plans, identify weaknesses, and enhance communication and collaboration.

Threat Hunting and Intelligence

• Proactively identify potential threats and weaknesses across systems and networks through hypothesis driven threat hunting.
• Identify gaps in detection coverage and proactively develop new telemetry, detections, and analytic approaches to address emerging threats across endpoint, identity, cloud, and network domains.
• Fuse internal telemetry with open source, commercial, and internal intelligence sources to prioritize risks and improve detection strategies.
• Track adversary TTPs and feed findings back into our hunting and detection pipelines.

Qualifications

• 7+ years of relevant professional experience with a Bachelor s degree in Computer Science, Information Security or a related field; an equivalent combination of education and experience will also be considered.
• 7+ years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments.
• Deep understanding of operating systems (Windows, Linux, macOS), network protocols, cloud environments (AWS, Google Cloud Platform, Azure), and common attack techniques (MITRE ATT&CK).
• Proficiency with investigation and forensic tools such as EDR platforms (CrowdStrike, SentinelOne), log aggregators (Splunk, ELK), and packet capture tools (Wireshark, Zeek).
• Demonstrated ability to lead high-pressure incident response scenarios across technical and non-technical teams.
• Scripting skills in Python, PowerShell, or Bash for automation and analysis or experience with SOAR platforms is highly preferred.