Cybersecurity Incident Responder

About The Position

Requirements

• 3–6 years of experience in cyber security operations, incident response, security monitoring, IT operations, networking, or a related enterprise technology environment.
• Proven experience handling and responding to cyber security incidents in a SOC or CSIRT environment.
• Direct experience with security technologies such as SIEM, EDR, IDS/IPS, email security, firewalls, proxy tools, or case management platforms is preferred.
• Strong knowledge of incident response processes, investigative techniques, threat indicators, and attack methodologies.
• Hands-on experience with log analysis and forensic investigation techniques.
• Ability to prioritize work, manage multiple active incidents, and make sound decisions in a fast-paced, high-impact operational environment.
• Strong critical thinking skills, puzzle-solving ability, and an investigative mindset to analyze complex activity, connect related indicators, and identify root cause and scope of incidents.
• Bachelor’s degree in cyber security, information technology, computer science, or a related field preferred; equivalent practical experience

Nice To Haves

• Industry certifications such as GCIH, GREM, GCFA, GCFE, CISSP, CEH, CISA, Security+, or similar advanced cyber security certifications.
• Experience with scripting or programming languages to support automation, analysis, or incident response activities.

Responsibilities

• Lead investigation and response activities for confirmed and escalated cyber security incidents in accordance with established playbooks and service level targets.
• Perform analysis of suspicious activity across endpoint, network, identity, email, cloud, application, and system log sources.
• Analyze, investigate, and correlate data from SIEM/SOAR, EDR, firewall, proxy, intrusion detection/prevention, email security, and other monitoring platforms to drive accurate incident response.
• Document investigations, findings, actions taken, and escalation details in the case management system with clear, complete, and timely notes.
• Create full summary reports of events of interest to drive after action and lessons learned activities.
• Follow shift handoff procedures and communicate open issues, emerging threats, and significant events to team members and incident handlers.
• Contribute to continuous improvement by identifying recurring false positives, process gaps, and opportunities to improve alert quality, runbooks, and analyst efficiency and perform live response activities, including remote and onsite system analysis and evidence collection.
• Drive containment, eradication, and recovery actions in coordination with infrastructure and technology teams.
• Collaborate with Tier 1 analysts to improve detection and response capabilities and provide guidance on escalation quality and partner with security engineering teams to ensure effective operation and tuning of security tools and detection capabilities.

Benefits

• Annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards