Cybersecurity Incident Response Engineer, Mid

ASM Research

About The Position

The Cybersecurity Incident Response Engineer, Mid supports the detection, containment, and recovery of cybersecurity incidents across enterprise networks and mission‑critical systems in a highly regulated government environment. This role contributes to developing and executing response strategies, including automation, scripting, and playbooks, to enhance the speed and consistency of security operations. The engineer performs detailed technical analysis, coordinates with cross‑functional teams to isolate affected systems, and helps implement proactive cybersecurity countermeasures. This includes contributing to advanced defensive initiatives, improving detection logic, and strengthening SOC capabilities to protect the organization against evolving and increasingly complex adversary tactics. The position also supports forensic investigations, documentation, regulatory alignment, and continuous improvement of incident response processes.

Requirements

Typically 4–7 years of hands‑on experience in cybersecurity operations and incident response across enterprise environments.
Bachelor’s degree in IT, Cybersecurity, Computer Science, or a related field, or equivalent work experience.
Demonstrated experience with incident response tools and platforms such as SIEM, IDS/IPS, and EDR in enterprise environments.
Strong understanding of incident response principles, containment and eradication techniques, and data security best practices.
Proven analytical and problem‑solving ability with strong written and verbal communication skills.

Nice To Haves

Demonstrated leadership of ITIL‑based major incident processes in large enterprises, including executive and customer‑facing communications.
Strong experience with enterprise incident management tools and service management platforms integrated with SOC and cyber defense functions.
Certifications such as ITIL Foundation plus advanced cybersecurity or incident response credentials evidencing both service management and deep technical capability.
At least one cybersecurity‑related professional certification — or the ability to obtain one within one year of hire — such as Security+, CySA+, CEH, GSEC, GCIA, GCIH, or an equivalent industry‑recognized credential.

Responsibilities

Conduct technical analysis of security events and incidents using SIEM, IDS/IPS, EDR, and related tools to identify attack vectors, affected assets, and potential data exposure.
Develop and refine incident response runbooks and automation workflows that standardize triage, containment, and eradication steps for common attack scenarios.
Coordinate system and network isolation strategies with infrastructure and application teams to contain threats while preserving evidence and minimizing operational disruption.
Support proactive defensive engineering initiatives, including tuning detections, building automated countermeasures, and contributing to programs designed to defend against sophisticated adversaries.
Perform host and network forensics, including log review, basic memory and disk analysis, and artifact collection to support root cause analysis and potential legal or compliance needs.
Map observed adversary behavior to structured frameworks such as MITRE ATT&CK to understand attacker tactics, techniques, and procedures and to recommend targeted detection improvements.
Ensure incident handling practices are aligned with data security best practices and applicable government security policies, supporting auditability and regulatory compliance.
Produce clear incident documentation, timelines, and lessons learned that feed into security awareness, control hardening, and process improvements.