Senior Security Incident Response Engineer

About The Position

Requirements

• Proficiency with Microsoft 365 Security Suite as well as other security tooling such as SentinelOne, Google SecOps, Abnormal Security, and others.
• Strong experience with incident response, digital forensics, and threat hunting across a hybrid environment.
• Knowledge of endpoint operating systems (Windows, macOS, and Linux).
• Experience with cloud environments such as Azure, AWS, and GCP.
• Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing desired.
• Embrace a metric-driven approach to continuous improvement.
• Excellent analytical and critical thinking skills; ability to work in high-pressure situations.
• Effective verbal and written communication abilities.
• Meticulous with strong organizational skills and the ability to handle multiple priorities.
• Ability to work independently and within a collaborative, team-oriented environment.
• Minimum 5 years of progressive information security experience.
• At least 4 years focused on incident response, including investigations across different security domains (endpoint, application, DLP, and more).
• Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management.
• Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, MS SC-200, MS SC-400 or similar.
• Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Responsibilities

• Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers.
• Lead post-incident reviews and drive process improvements.
• Perform advanced threat hunting using Microsoft Defender and related tools.
• Integrate threat intelligence and adapt detection strategies based on real world threats observed by the organization.
• Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents.
• Develop and maintain incident response playbooks and runbooks across the security operations toolset.
• Collaborate with analysts and other IR engineers to identify opportunities for improvement and tuning of detection rules.
• Collaborate with IT, legal, HR, communications, and other business units
• Collaborate on the design, implementation, and maintenance of security policies for Microsoft security components, including:
• Defender for Endpoint
• Defender for Cloud Apps
• Microsoft Purview DLP
• Intune Conditional Access & Information Protection
• Regularly review and update policies based on evolving threats and lessons learned.
• Collaborate with compliance and IT teams to enforce security standards and regulatory requirements.

Benefits

• Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
• Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
• Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
• Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
• … and so much more!
• This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.