Cybersecurity Incident Response Engineer, Sr

About The Position

Requirements

• 8+ years of progressive IT and cybersecurity experience with significant responsibility for incident response and major incident leadership.
• Bachelor’s degree in IT, Cybersecurity, Computer Science, Business Administration, or a related field, or equivalent work experience.
• Strong understanding of ITIL principles and incident management best practices, including experience with major incident processes.
• Proficiency with incident management and service management tools integrated with security operations.
• Excellent problem‑solving, analytical, communication, and interpersonal skills with demonstrated ability to manage multiple simultaneous incidents.

Nice To Haves

• Demonstrated leadership of ITIL‑based major incident processes in large enterprises, including executive and customer‑facing communications.
• Strong experience with enterprise incident management tools and service management platforms integrated with SOC and cyber defense functions.
• Certifications such as ITIL Foundation plus advanced cybersecurity or incident response credentials evidencing both service management and deep technical capability.
• At least one cybersecurity‑related professional certification — or the ability to obtain one within one year of hire — such as Security+, CySA+, GSEC, CEH, GCIA, GCIH, CISM or another industry‑recognized equivalent.

Responsibilities

• Lead major incident bridges and war rooms, orchestrating technical teams, tracking actions, and making time‑critical decisions to restore service and mitigate business risk.
• Integrate ITIL incident and major incident management practices with technical response workflows, ensuring disciplined prioritization, communication, and closure.
• Design and optimize incident detection and response processes, including playbooks, escalation paths, and automation, to improve consistency, speed, and quality of response.
• Build automation, orchestration, and custom scripting solutions to reduce manual workload, enhance triage and response, and streamline containment and eradication actions.
• Perform advanced threat and forensic analysis of endpoint, network, identity, and cloud data to understand attacker objectives, lateral movement, and persistence mechanisms.
• Partner with problem management and change management functions to translate incident findings into long‑term corrective actions, configuration changes, and risk‑reducing initiatives.
• Define and track incident metrics such as MTTR, MTTD, incident volume, and recurrence, using data to identify systemic weaknesses and to brief leadership on operational risk.
• Provide technical and procedural coaching to incident handlers and SOC analysts, elevating investigative techniques, documentation quality, and stakeholder communication.