Responder- Cyber Security Incident

About The Position

Requirements

• Bachelor's degree in Computer Science or related field; MA or MBA preferred
• Minimum five years experience in Information Technology
• Minimum three years of direct IT Security experience in Cyber Security operations and Incident Response
• Experience performing event and log analysis including one or more of the following: Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data loss prevention tools and other security tools found in large enterprise network environments; along with experience working with Security
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
• Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption, SIEM and EDR
• Experience writing scripts, tools, or methodologies to enhance the investigative process

Nice To Haves

• Advanced certifications such as CISSP, CISM, or GIAC are preferred

Responsibilities

• Monitor security alerts and logs to swiftly identify potential security incidents.
• Investigate alerts and assess their severity and potential impact on the organization's systems and data.
• Prioritize and triage incidents based on their criticality and urgency.
• Conduct in-depth analysis of security incidents to determine their root cause, scope, and extent of compromise.
• Coordinate with relevant teams to contain and mitigate the impact of security breaches.
• Execute predefined incident response procedures and workflows to ensure a structured and effective response.
• Implement temporary and permanent measures to restore affected systems and prevent further unauthorized access.
• Perform digital forensics activities to gather evidence, reconstruct events, and support incident investigations.
• Document findings and maintain chain of custody for forensic evidence in accordance with legal and regulatory requirements.
• Communicate effectively with internal stakeholders, including IT teams, management, and legal counsel, to provide updates on incident response activities.
• Prepare detailed incident reports documenting the timeline, impact, remediation actions, and lessons learned.
• Collaborate with external parties such as law enforcement, regulatory bodies, and third-party vendors as necessary.
• Participate in post-incident reviews and root cause analysis to identify gaps and weaknesses in existing security controls and processes.
• Propose and implement enhancements to incident response procedures, tools, and training programs to strengthen the organization's cyber resilience.