Lead - Incident Responder Cybersecurity

Frontier Careers, Denver, CO (Hybrid)

About The Position

The Lead Incident Responder of Cybersecurity Operations is responsible for investigating, containing, eradicating, and recovering from cybersecurity incidents across the Frontier enterprise environment. This role provides leadership, hands-on incident response, digital forensics, threat analysis, and coordination support during active incidents. The Lead Incident Responder delivers timely and accurate analysis of internal and external threats using detection and response platforms and collaborates with SOC analysts, threat hunters, IT teams, and management to reduce organizational risk. The scope of the environment includes SIEM, EDR, network security controls, cloud platforms, vulnerability management, and threat intelligence services.

Requirements

  • Bachelor’s degree in computer science, information technology, cybersecurity, or equivalent combination of education and relevant experience (required)
  • 5-10 years of relevant cybersecurity or IT operations experience (required)
  • 4+ years of hands-on incident response or security operations experience (required)
  • Experience working with enterprise cybersecurity tools such as SIEM, EDR, IDS/IPS, vulnerability management, and threat intelligence platforms
  • Experience analyzing adversary tactics and techniques using the MITRE ATT&CK framework
  • Familiarity with cybersecurity standards and frameworks such as NIST CSF, NIST 800-61, and PCI DSS (desired)
  • Strong understanding of incident response processes and investigative methodologies
  • Proficiency in SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, or similar)
  • Hands-on experience with endpoint detection and response (EDR) tools such as SentinelOne, CrowdStrike, or Microsoft Defender
  • Ability to analyze and correlate logs from firewalls, endpoints, servers, SaaS platforms, and cloud environments
  • Proficiency in network traffic and packet analysis using tools such as Wireshark
  • Working knowledge of malware triage and basic static/dynamic analysis techniques
  • Understanding of Active Directory, identity-based attacks, and authentication workflows
  • Knowledge of Windows and Linux operating systems and common attack vectors
  • Ability to apply threat intelligence and OSINT to incident investigations
  • Strong analytical and problem-solving skills with attention to detail
  • Ability to communicate clearly and effectively, both verbally and in writing
  • Ability to work independently and collaboratively in a fast-paced, high-pressure environment
  • Willingness to support after-hours and weekend on-call rotation

Nice To Haves

  • CompTIA Security+
  • CompTIA CySA+
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Intrusion Analyst (GCIA)
  • GIAC Certified Enterprise Defender (GCED)
  • CEH
  • Microsoft SC-200 or cloud security certifications (Azure/AWS)

Responsibilities

  • Monitor, investigate, analyze, respond to, and document cybersecurity incidents identified through detection and response platforms
  • Serve as Incident Commander, when assigned, to run the bridge, track actions/owners, and drive cadence
  • Define severity, business impact, and required engagement level (e.g., Sev1–Sev4), and lead initial triage to determine scope and next actions
  • Execute the full incident response lifecycle: identification, containment, eradication, recovery, and post-incident review
  • Perform in-depth alert and event analysis across SIEM, EDR, network, endpoint, and cloud sources
  • Collect, preserve, and analyze forensic evidence including logs, disk artifacts, memory artifacts, and network traffic
  • Apply threat intelligence, indicators of compromise (IOCs), and adversary tactics and techniques using the MITRE ATT&CK framework
  • Escalate incidents to Cybersecurity Operations Management and Incident Response Team members as required
  • Support active incident response efforts, tabletop exercises, and threat simulation activities
  • Conduct investigative analysis to determine impact, scope, and root cause of security incidents
  • Lead the detection engineering feedback loop by converting incident learnings into new detections/use cases (SIEM rules, EDR analytics), tuning to reduce false positives, and validating via testing
  • Assist with threat hunting activities to proactively identify malicious activity within the environment
  • Validate suspected exploitation of vulnerabilities and support remediation efforts
  • Coordinate with IT, application, and infrastructure teams to support containment and recovery actions
  • Maintain accurate incident documentation, timelines, and reports
  • Develop, coordinate, and maintain playbooks for common cyber-related enterprise events including ransomware, business email compromise, identity compromise, etc.
  • Use (and help improve) SOAR playbooks for containment (account disable, host isolation, IOC blocking), enrichment, and reporting
  • Contribute to the development and maintenance of incident response procedures and standard operating procedures (SOPs)
  • Participate in after-hours and on-call rotation requirements for cybersecurity incidents
  • Provide regular status updates to Cybersecurity Operations Management during investigations
  • Coordinate internal/external communications (Legal, Privacy, Comms/PR, HR) following established playbooks
  • Coordinate with MSSP/IR retainer and key vendors as needed during active incidents
  • Track and report MTTA/MTTR, dwell time, containment time, recurrence, and lessons learned; contribute to operational reporting

Benefits

  • Flight benefits for you and your family to fly on Frontier Airlines.
  • Buddy passes for your friends so they can experience what makes us so great.
  • Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
  • Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
  • Flexible work schedules that support work/life balance.
  • Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
  • The HOPE League, Frontier Airlines’ non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.