Sr. Incident Response Engineer

Baylor Scott & White Health
Temple, TX
391d
$116,521 - $209,560
Remote

About The Position

The Sr. Incident Response Engineer will lead the cyber security incident response efforts at Baylor Scott & White Health. This role focuses on enhancing incident response capabilities, developing runbook procedures, and coordinating cross-functional teams to effectively manage and resolve security incidents.

Requirements

  • BS degree in computer science, computer engineering, software engineering, cybersecurity, or related technical degree; or 5 years equivalent technology experience.
  • 5+ years' experience in information security in an enterprise environment.
  • 3+ years' experience with incident response processes in datacenter and cloud environments, forensic techniques, and crisis bridge administration.
  • Knowledge of malware trends and behaviors, and ability to collaborate with teams to detect and respond to threats.
  • Experience with IDS/IPS, Firewall and Network Log analysis, SIEM tools, threat intelligence services, and malware analysis.
  • Experience analyzing network and host-based security events.
  • Familiarity with attacker tactics, techniques, and procedures.
  • Experience with Windows and Linux Operating Systems.
  • Knowledge of software and operating system vulnerabilities, and of Unix/Linux.
  • Understanding of cybersecurity practices, operations risk management, and vulnerability risk.
  • Experience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK.
  • Knowledge of issues related to cyber operations strategy, policy, and organization.
  • Experience creating workflows and remediation plans for identified vulnerabilities.
  • Incident Response experience in a healthcare environment.
  • Experience using ServiceNow for SIR, CMDB, and/or ITSM functions.
  • Experience contributing to or developing policies and standards.
  • Experience participating in or leading security tabletop exercises.

Nice To Haves

  • Certified Information Systems Security Professional (CISSP) certification
  • Certified Information Security Manager (CISM) certification
  • GIAC Certified Incident Handler (GCIH) certification
  • FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • FOR500: Windows Forensic Analysis

Responsibilities

  • Conduct security investigations and lead security incident response in a cross-functional environment.
  • Actively call and lead security incident bridges and coordinate internal incident response efforts between operations teams and managed security services.
  • Develop Incident Response initiatives to improve capabilities for responding to and remediating security incidents.
  • Expand the SIEM program, ensuring log coverage, alert development, and process improvement.
  • Partner with cyber threat intelligence, vulnerability management, and technology remediation groups to improve detection and response efficacy.
  • Support broader security operation initiatives within the cyber defense team and across engineering and operation departments.
  • Act as a security liaison to Managed Service counterparts.
  • Create and improve security playbooks for various incident and compromise types.

Benefits

  • Immediate eligibility for health and welfare benefits
  • 401(k) savings plan with dollar-for-dollar match up to 5%
  • Tuition Reimbursement
  • PTO accrual beginning Day 1


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Hospitals
  • Education Level: Bachelor's degree
