Sr. Cybersecurity Incident Response Engineer

• Incident Detection and Response:
• Act as the Incident Commander when responding to cyber threats.
• Lead incident response efforts in real-time, managing communications and documentation throughout the incident lifecycle. 
• Investigate, contain, and recover from security incidents, ensuring root cause analysis and threat remediation are completed.
• Technical Incident Response:
• Perform in-depth analysis of malware, network attacks, and other security breaches using digital forensic tools and techniques.
• Collect and preserve evidence in a forensically sound manner to support legal and regulatory requirements if needed.
• Automate incident response activities using scripting or other programming skills.
• Streamline technical response process and procedures
• Collaboration and Reporting:
• Collaborate with cross-functional teams, including IT, Product Engineering, Platform operations, and many other stakeholders, to mitigate risks and improve incident response processes.
• Prepare detailed reports on incident findings, root cause analysis, and remediation recommendations for technical and non-technical audiences.
• Continuously improve incident response playbooks, processes, and security controls.
• Security Improvements:
• Identify opportunities to enhance security posture through lessons learned from incidents, emerging threat landscapes, and evolving attack techniques.
• Work closely with Security and Engineering teams to implement stronger security measures.
• Conduct regular tabletop exercises and simulations to test the organization’s incident response readiness.
• Threat Intelligence and Research:
• Stay up-to-date on the latest security trends, vulnerabilities, attack vectors, and threat intelligence to enhance detection and response strategies.
• Actively contribute to knowledge sharing and mentoring within the security team.

• Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent work experience.
• Excellent problem-solving, analytical skills, organizational skills, verbal and written communication, and time management skills. Ability to work well under pressure in a fast-paced environment.
• 3-5 years of experience in cybersecurity, with a focus on incident response, threat hunting, and forensics.
• Hands-on experience with SIEM tools (e.g., Splunk, QRadar), EDR solutions, firewalls, and IDS/IPS.
• Hands-on experience with network protocols, system architectures, and security tools.
• Hands-on experience working with AWS
• Proficiency in analyzing security event logs, malware reverse engineering, and digital forensics.
• Hands-on experience with scripting languages (Ruby, Bash, Python, etc.) for automation and incident response support.

• SANS GCIH, GCFE, GCFA or GREM certifications
• Other Digital forensics and Incident Response certifications. 

#LI-KB1