Cyber Incident Response Lead - Advanced Response Team (Remote)

8+ years of experience working within cybersecurity or information technology roles, with at least 4+ years as an investigator, analyst, or leader in a Cyber Incident Response Team. Bachelor's Degree in Computer Science, Computer Engineering, Information Systems, Information Security, or a related field, or 11+ years of relevant experience. Knowledge of network protocols (TCP/IP, UDP, ICMP), standard protocols (HTTP/S, DNS, SSH, SMTP, SMB), wireless networking, networking infrastructure, and network topologies. Experience with commercial and open-source SIEMs, full packet capture tools, and network analysis tools (Splunk, Wireshark, SOF-ELK). Exhibit skills using common Incident Response and Security Monitoring applications (SIEM, EDR, WAF, IPS). Hold at least one certification involving incident response, ethical hacking, cyber security, or network forensics (GCIH, ECEH, ECIH, GNFA, CNFE). Hold one Security Management certification (ISC2 CISSP, CISM) or obtain one within the first two years.

Conduct advanced incident response activities to investigate and contain complex cybersecurity matters. Orchestrate workstreams across teams (Forensics and Cyber Threat Hunting). Respond to cybersecurity events and alerts associated with threats, intrusions, or compromises per applicable SLOs. Manage multiple cases related to security incidents throughout the incident response lifecycle. Coordinate conclusion of security incidents according to Process & Procedures. Maintain case documentation, including notes, analysis findings, and root cause. Maintain understanding of common Operating Systems, Security Technologies, and Networking. Interpret device and application logs from various sources to identify root cause. Support overall direction for the CFC and input to security strategy. Mentor and provide advanced support to analysts.