Incident Responder

SchoolsFirst Federal Credit Union, Sacramento, CA
$42 - $64, Onsite

About The Position

Responsible for responding to all major systems and service incidents during business hours and extended business hours in support of the IT Incident Management program, and for creating and maintaining unified monitoring of infrastructure, application and business & IT services to proactively detect, predict and prevent service, application and security problems. The role covers 24x7 security and network operations monitoring, on-call rotation, initial triage and documentation of security, availability and service incidents, and execution of established incident response playbooks. The full list of duties appears under Responsibilities below.

Requirements

  • High School Diploma or GED required
  • Bachelor's Degree in a related field or equivalent years of experience required
  • 1-3 years of prior relevant experience required
  • CompTIA Security+ required
  • ITIL Foundation required
  • Demonstrated ability to solve structured problems with guidance; developing capability for unstructured scenarios.
  • Excellent written and verbal communication with ability to document incidents clearly.
  • Basic knowledge of TCP/IP and operating systems.
  • Foundational understanding of enterprise security and monitoring concepts.
  • Familiarity with reading basic Kusto Query Language (KQL) and Search Processing Language (SPL).
  • Foundational understanding of industry security frameworks (e.g., ISO 27001, NIST 800-53)
  • Working knowledge of:
      • Microsoft Active Directory, Exchange, SQL
      • Enterprise network operations
      • SIEM platforms and alerting frameworks
      • Scripting basics (PowerShell / Python)
      • Change Management and system hardening practices
      • SOC operations processes and tooling
  • Understands basic alert types and indicators across endpoint, network, and cloud sources.
  • Participates in tabletop exercises as a responder executing predefined playbooks, validating alert triage and escalation processes, and documenting actions to support testing of detection and response procedures.
  • Follows predefined detection logic and recognizes common false positives.
  • Understands the incident response lifecycle and follows defined playbooks.
  • Escalates incidents based on predefined severity and impact criteria.
  • Reviews logs and alerts to support basic investigations and documentation.
  • Identifies obvious indicators of compromise using available tools.
  • Understands basic integration between tools (SIEM, EDR, ticketing).
  • Understands basic business impact of incidents (service disruption, user impact).
  • Escalates issues affecting critical systems or users.
  • Provides clear and accurate incident updates to internal teams.
  • Documents incidents in a structured and understandable format.
  • Identifies basic issues in alerts, processes, or documentation.
  • Provides feedback to improve playbooks and monitoring.
  • Understands basic concepts of security controls and alert generation.
  • Recognizes how alerts are triggered within tools.
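Several of the bullets above (following predefined detection logic, recognizing common false positives, escalating on predefined severity and impact criteria, and documenting incidents in a structured format) describe one triage loop. The script below is an added illustration of that loop and is not code from the posting or from SchoolsFirst. The alert shape, rule names, host list, scanner IP, thresholds and the sample alerts themselves are all constructed assumptions standing in for a real SIEM's normalized events and a real playbook's criteria.

```python
"""Alert triage helper: applies predefined false-positive suppressions and
severity/impact criteria to normalized alerts and emits structured incident
records carrying an escalation decision.

Illustrative code only. The alert schema, rule names, host and IP lists,
thresholds and sample alerts are assumptions, not any real SIEM's output or
any employer's actual playbook.
"""
from dataclasses import dataclass, asdict
from typing import Optional, Tuple, List, Dict

# --- Assumed playbook inputs (hypothetical values) ---
CRITICAL_HOSTS = {"DC01", "DC02", "CORE-DB01"}   # incidents on these always escalate
SCANNER_IPS = {"10.20.30.40"}                    # authorized vulnerability scanner
FAILED_LOGON_THRESHOLD = 50                      # at or above: treat as credential attack
ESCALATE_AT = {"critical", "high"}               # severities handed to L2 / incident lead

# Constructed sample alerts in a simplified normalized shape (not real SIEM data).
SAMPLE_ALERTS: List[Dict] = [
    {"id": "A-1001", "rule": "Multiple failed logons", "src_ip": "10.20.30.40",
     "user": "svc-backup", "host": "FS01", "count": 60, "tags": []},
    {"id": "A-1002", "rule": "Multiple failed logons", "src_ip": "10.1.2.3",
     "user": "jdoe", "host": "WS-0421", "count": 7, "tags": []},
    {"id": "A-1003", "rule": "Outbound to known-bad IP", "src_ip": "10.5.6.7",
     "dst_ip": "198.51.100.23", "host": "DC01", "tags": ["threat-intel"]},
    {"id": "A-1004", "rule": "Scheduled task created", "user": "SCCM$",
     "host": "WS-0099", "tags": []},
]


@dataclass
class IncidentRecord:
    """Structured record an analyst would file in the ticketing system."""
    alert_id: str
    severity: str      # informational | medium | high | critical
    decision: str      # close-fp | investigate | escalate
    reason: str


def false_positive_reason(alert: Dict) -> Optional[str]:
    """Return why the alert matches a predefined benign pattern, or None if it does not."""
    if alert["rule"] == "Multiple failed logons" and alert.get("src_ip") in SCANNER_IPS:
        return "failed logons originate from the authorized vulnerability scanner"
    if alert["rule"] == "Scheduled task created" and alert.get("user", "").endswith("$"):
        return "task created by a machine/service account (management agent)"
    return None


def assess_severity(alert: Dict) -> Tuple[str, str]:
    """Map an alert to (severity, reason); impact criteria are checked first."""
    if "threat-intel" in alert.get("tags", []):
        return "critical", "matches a threat-intelligence indicator"
    if alert.get("host") in CRITICAL_HOSTS:
        return "critical", f"affects critical system {alert['host']}"
    if alert["rule"] == "Multiple failed logons" and alert.get("count", 0) >= FAILED_LOGON_THRESHOLD:
        return "high", f"{alert['count']} failed logons meets the credential-attack threshold"
    return "medium", "no impact criteria met; routine investigation"


def triage(alert: Dict) -> IncidentRecord:
    """Suppress known false positives first, then rate and route what remains."""
    fp = false_positive_reason(alert)
    if fp:
        return IncidentRecord(alert["id"], "informational", "close-fp", fp)
    sev, why = assess_severity(alert)
    decision = "escalate" if sev in ESCALATE_AT else "investigate"
    return IncidentRecord(alert["id"], sev, decision, why)


def triage_all(alerts: List[Dict]) -> List[Dict]:
    """Triage a batch of alerts and return plain dicts ready for a ticket or report."""
    return [asdict(triage(a)) for a in alerts]


if __name__ == "__main__":
    for rec in triage_all(SAMPLE_ALERTS):
        print(f"{rec['alert_id']}: {rec['severity']:<13} {rec['decision']:<12} {rec['reason']}")
```

The order matters: suppression runs before severity, so the scanner's 60 failed logons close as a false positive while the same volume from an unknown address would rate high and escalate. Every record carries the reason for its decision, which is what makes the ticket useful to the L2 analyst who picks it up and to anyone later tuning the rule.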

Nice To Haves

  • CompTIA CySA+ preferred
  • Splunk Power User preferred
  • Certified CyberDefender preferred

Responsibilities

  • Responsible for responding to all major systems and service incidents during business hours and extended business hours in support of IT Incident Management program.
  • Creates and maintains unified monitoring of Infrastructure, Application and Business & IT services to proactively detect, predict and prevent service, application and security problems.
  • Monitors security and network operations in a 24x7 environment and escalates exceptions based on established procedures.
  • Participates in on-call rotation supporting production systems.
  • Performs initial triage, correlation, and documentation of security, availability, and service incidents.
  • Investigates alerts using standard tools and predefined queries; escalates incidents requiring advanced analysis or coordination.
  • Executes established incident response and availability playbooks for repeatable events.
  • Maintains accurate incident records and provides status updates to stakeholders during the incident lifecycle.
  • Utilizes and maintains monitoring dashboards and alert views (e.g., ServiceNow, Splunk, Orion, Tenable, AppDynamics, Sentinel).
  • Uses prebuilt dashboards and analytics to identify potential issues (service degradation, security events, insider risk indicators).
  • Follows established monitoring rules and procedures to support proactive fault detection and reduce alert noise.
  • Coordinates with internal teams and vendors for resolution of assigned incidents.
  • Tracks SLA adherence and ensures data quality for reporting and KPI tracking.
  • Maintains working knowledge of tools, processes, and incident response best practices.
  • Performs other duties as assigned
  • Complies with regulatory and assigned training requirements, including but not limited to BSA (Bank Secrecy Act) regulations corresponding to their specific job duties. Failure to do so may result in disciplinary and other employment-related actions.

Benefits

  • World-Class Personal Service
  • Financial security
© 2026 Teal Labs, Inc