Cyber Incident Responder

  • Remote

Description

We are seeking a skilled Cyber Incident Responder to join our security operations team. This role is critical in detecting, analyzing, and responding to cybersecurity incidents across our infrastructure. The ideal candidate will lead incident response efforts, conduct security investigations, minimize business impact from security events, and drive continuous improvement in our security posture through lessons learned and proactive threat hunting.

Core Responsibilities:

  • Incident Detection & Analysis: Monitor security alerts from multiple sources (SIEM, EDR, IDS/IPS, cloud security tools) to identify potential security incidents and determine their scope and severity
  • Incident Response Leadership: Lead the response to security incidents following established incident response procedures, coordinating with cross-functional teams to contain, eradicate, and recover from security events
  • Security Investigations: Conduct thorough investigations of security incidents, including root cause analysis, timeline reconstruction, and impact assessment
  • Threat Containment: Implement containment strategies to prevent lateral movement and minimize damage during active security incidents
  • Digital Forensics: Perform forensic analysis on compromised systems, memory dumps, and network traffic to identify indicators of compromise (IOCs) and attack methodologies
  • Malware Analysis: Analyze malicious code and suspicious files to understand threat actor tactics, techniques, and procedures (TTPs)
  • Incident Documentation: Create detailed incident reports documenting findings, response actions, timelines, and recommendations for executive and technical audiences
  • Threat Intelligence: Leverage threat intelligence feeds and frameworks (MITRE ATT&CK) to understand emerging threats and improve detection capabilities
  • Cloud Security Monitoring: Monitor and respond to security events in AWS cloud environments, investigating suspicious activities and misconfigurations
  • Security Tool Management: Deploy, configure, and maintain security monitoring and response tools including SIEM, EDR, and cloud security platforms
  • Process Improvement: Develop and refine incident response playbooks, runbooks, and standard operating procedures based on lessons learned
  • Security Awareness: Collaborate with teams across the organization to communicate security incidents and promote security-conscious practices

Required Qualifications:

Experience:

  • 3+ years of hands-on experience in cybersecurity incident response, security operations, or related roles
  • Proven track record of successfully managing and remediating security incidents and breaches
  • Experience responding to various incident types including malware infections, data breaches, insider threats, and advanced persistent threats (APTs)
  • 5+ years of experience in IT security with a focus on cloud security architectures and implementations

Technical Expertise:

Incident Response & Frameworks:

  • Deep understanding of the complete incident response lifecycle: preparation, identification, containment, eradication, recovery, and post-incident analysis
  • Proficiency with incident response frameworks and methodologies (NIST 800-61, SANS Incident Handler’s Handbook, MITRE ATT&CK framework)
  • Experience developing and executing incident response plans and playbooks

Digital Forensics:

  • Solid understanding of digital forensics principles, evidence handling, and chain of custody procedures
  • Hands-on experience with forensic tools such as EnCase, FTK (Forensic Toolkit), Volatility (memory forensics), Autopsy, and X-Ways
  • Knowledge of filesystem forensics, memory analysis, and artifact recovery techniques
  • Familiarity with forensic imaging and preservation of evidence

Threat Detection & SIEM:

  • Strong experience with Security Information and Event Management (SIEM) platforms such as Splunk, LogRhythm, or Elastic Security
  • Proficiency in creating detection rules, correlation searches, and security use cases
  • Understanding of threat detection methodologies including signature-based, anomaly-based, behavior-based, and heuristic detection
  • Experience with log analysis and pattern recognition

Network Security & Analysis:

  • Expert-level understanding of network protocols, particularly TCP/IP, HTTP/HTTPS, DNS, and common application protocols
  • Advanced proficiency with network traffic analysis tools including Wireshark, tcpdump, Zeek (Bro), and NetworkMiner
  • Ability to identify malicious network traffic patterns and command-and-control (C2) communications
  • Knowledge of network-based attacks and intrusion detection techniques

Endpoint Security:

  • Strong understanding of malware types (trojans, ransomware, rootkits, worms) and malicious behaviors
  • Deep knowledge of endpoint security best practices, hardening techniques, and mitigation strategies
  • Extensive experience with Endpoint Detection and Response (EDR) solutions such as CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black, or SentinelOne
  • Familiarity with host-based forensics and volatile data collection

Cloud Security (AWS):

  • Demonstrated experience securing and investigating incidents in AWS cloud environments
  • Hands-on experience with AWS security services including:
    • AWS Security Hub for centralized security findings
    • Amazon GuardDuty for threat detection
    • Amazon Inspector for vulnerability assessments
    • AWS CloudTrail for audit logging and investigation
    • AWS Config for configuration monitoring
    • Amazon Cognito security
    • AWS IAM for access management
    • AWS KMS for encryption management
  • Understanding of cloud-specific attack vectors and security challenges
  • Experience with cloud security posture management (CSPM) tools

Security Technologies:

  • Proficiency with security technologies including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAF), and data loss prevention (DLP)
  • Experience with vulnerability management and security scanning tools
  • Knowledge of encryption technologies and secure communications

Cloud Infrastructure & DevSecOps:

  • Experience with containerized environments and security in orchestration platforms (Kubernetes, Docker, OpenShift)
  • Familiarity with Infrastructure-as-Code (IaC) security (Terraform, CloudFormation)
  • Understanding of CI/CD pipeline security and GitOps operational models
  • Knowledge of container security best practices, image scanning, and runtime protection
  • Experience with automated security scanning and compliance monitoring
  • Understanding of service mesh security and mutual TLS implementations

Compliance & Standards:

  • Working knowledge of security frameworks and compliance requirements including NIST Cybersecurity Framework, HIPAA, SOC 2, PCI-DSS, and ISO 27001
  • Experience conducting security assessments, audits, and gap analyses
  • Understanding of regulatory reporting requirements for security incidents

Preferred Qualifications:

Certifications:

  • GCIH (GIAC Certified Incident Handler)
  • GCFA (GIAC Certified Forensic Analyst)
  • GNFA (GIAC Network Forensic Analyst)
  • GCIA (GIAC Certified Intrusion Analyst)
  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)
  • AWS Certified Security – Specialty
  • CCSP (Certified Cloud Security Professional)

Additional Skills:

  • Experience with threat hunting and proactive security operations
  • Knowledge of scripting languages (Python, PowerShell, Bash) for automation and analysis
  • Familiarity with threat intelligence platforms (TIPs) and OSINT techniques
  • Experience with red team/purple team exercises
  • Understanding of adversary emulation and attack simulation
  • Participation in CTF competitions or security research
  • Experience with security orchestration, automation, and response (SOAR) platforms

Key Competencies:

  • Analytical Thinking: Exceptional analytical and critical thinking skills to quickly assess complex security incidents, identify root causes, and determine appropriate response actions
  • Technical Acumen: Strong technical foundation across networks, systems, applications, and cloud technologies with ability to quickly learn new tools and techniques
  • Communication Excellence: Outstanding written and verbal communication skills with ability to clearly explain complex technical security incidents to non-technical stakeholders, executives, and board members
  • Calm Under Pressure: Ability to remain composed and make sound decisions during high-pressure security incidents with significant business impact
  • Collaboration: Proven ability to work effectively with cross-functional teams including IT operations, development, legal, compliance, and executive leadership
  • Attention to Detail: Meticulous approach to incident investigation, evidence collection, and documentation
  • Time Management: Strong ability to prioritize multiple concurrent incidents based on business impact and risk
  • Continuous Learning: Passion for staying current with evolving threat landscape, attack techniques, and defensive technologies
  • Problem-Solving: Creative and systematic approach to investigating and resolving complex security incidents
  • Ownership & Accountability: Takes ownership of incidents from detection through resolution and follows through on lessons learned

What We Offer:

  • Opportunity to work on challenging and diverse security incidents
  • Exposure to cutting-edge security technologies and cloud environments
  • Collaborative team environment with skilled security professionals
  • Professional development including training, certifications, and conference attendance
  • Career growth opportunities within cybersecurity and security operations
  • Meaningful work protecting critical systems and sensitive data

Join our team and be at the forefront of defending against cyber threats in a dynamic cloud-native environment.

To apply for this job email your details to mahesht@smacforce.com