Cyber Security Architect/Engineer IV

Role Summary
The Incident Response Lead is a senior cybersecurity professional responsible for overseeing and executing the full incident response lifecycle within a hybrid cloud and on-premises environment. This role functions as the technical authority during active cybersecurity incidents, providing leadership, coordination, and investigation expertise to rapidly contain and remediate threats. The position requires a strategic thinker with extensive experience in incident response, digital forensics, and cybersecurity operations, with an emphasis on cloud infrastructure and operational maturity.

Responsibilities

• Lead and coordinate all phases of the incident response process, including detection, analysis, containment, eradication, recovery, and post-incident review.
• Serve as the primary investigator for high-severity cybersecurity incidents, managing scope, timelines, and documentation.
• Maintain situational awareness and provide timely updates to SOC leadership, cybersecurity engineering teams, and external stakeholders.
• Collaborate with cloud, network, identity, and system administration teams during active response efforts to ensure swift containment.
• Act as escalation decision authority for containment measures and service disruptions, balancing operational impact.
• Lead digital forensics and incident response investigations across host, network, and cloud environments, guiding analysts in the use of EDR, SIEM, and NDR tools.
• Validate Indicators of Compromise (IOCs), Indicators of Attack (IOAs), malware, and lateral movement techniques, ensuring evidence integrity for audit and legal purposes.
• Develop, update, and refine incident response playbooks, runbooks, and operational workflows to improve SOC effectiveness.
• Lead readiness activities such as tabletop exercises, purple team drills, and threat hunting initiatives to enhance team preparedness.
• Partner with multi-disciplinary teams and external agencies, including legal, public affairs, and third-party responders, during incidents.

Qualifications

• 10-12 years of direct cybersecurity experience within a Security Operations Center (SOC), including a minimum of 6 years in incident response or digital forensics and incident response (DFIR).
• Proven ability to lead high-impact incidents involving cloud infrastructure, particularly AWS.
• Expertise in digital forensics methodologies covering host, network, and cloud environments.
• Strong analytical skills in log analysis, SIEM tools (e.g., Splunk), EDR (e.g., Trellix), and network analysis techniques.
• Deep understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST SP 800-61, and the cyber kill chain.
• Excellent communication skills with the ability to brief executive leadership and coordinate cross-functionally during crises.
• This position requires eligibility for a U.S. Government security clearance. Under federal law, eligibility for a security clearance generally requires U.S. citizenship (ability to obtain a Public Trust 6C clearance).
• Relevant cybersecurity certifications such as GCIA, GCFA, GCFE, GNFA, GCIH, or GDAT are highly desirable.
• Experience mentoring incident responders and maturing SOC/IR capabilities.
• Strong problem-solving skills and the ability to work effectively under pressure.

Publishing Pay Range: $78.00 - $83.00 hourly
This is an on-site position requiring employee presence at the office.