Job Description:
The Incident Response Engineer must have experience leading and coordinating incident response activities to effectively detect, analyze, and mitigate security incidents. The role requires a strong background in cybersecurity, hands-on experience with incident response procedures and tools, a commitment to maintaining the security posture of the organization, and the ability to work in an existing environment.
Responsibilities:
- Lead and coordinate incident response activities in accordance with established procedures and protocols set by the customer.
- Optimize, detect, analyze, and respond to security incidents in real time to minimize the impact on the organization.
- Investigate security alerts, conduct root cause analysis, and determine the scope and severity of incidents.
- Develop and implement incident response plans, playbooks, and procedures to streamline response efforts.
- Collaborate with existing SOC operations, customer leadership, and cross-functional teams to coordinate incident response activities, which may include the customer’s IT, legal, and senior leadership.
- Provide technical expertise and guidance to the existing SOC (Security Operations Center) analysts during incident investigations.
- Document incident response activities, findings, and remediation efforts for reporting and analysis purposes.
- Conduct post-incident reviews and lessons learned sessions to identify areas for improvement and enhance incident response capabilities.
Requirements:
- Hands-on experience with incident response tools and technologies such as SIEM, EDR, and forensic analysis tools, with a preference for Elastic.
- Strong understanding of incident response procedures, methodologies, and best practices.
- Proficiency in scripting and automation for incident response workflows (e.g., Python, PowerShell).
- Excellent analytical and problem-solving skills, with the ability to work under pressure in high-stress situations.
- Relevant certifications such as CISSP, GIAC, or incident response certifications are a plus.