Lead the end-to-end lifecycle of security incidents, including containment, mitigation, and deep-dive forensic analysis across enterprise environments. Coordinate cross-functional response efforts and translate technical findings into actionable remediation plans for executive leadership.
Job Summary
As an Incident Response Specialist, you will leverage your extensive expertise in digital forensics, incident handling, and crisis management to lead the containment, mitigation, and resolution of advanced security incidents across the organization’s enterprise environment. This role is responsible for the end-to-end lifecycle of security incidents, including coordinating cross-functional response efforts, performing deep-dive forensic analysis, and engineering strategic containment strategies to minimize business impact.
You will serve as a technical leader with deep hands on proficiency in host, network, and cloud forensics, applying incident response best practices to drastically reduce mean time to respond and remediate. This role requires exceptional analytical, problem-solving, and decisive communication skills, allowing you to translate complex technical findings into actionable remediation plans for executive leadership. You will work closely with Detection Engineering, Threat Intelligence, and key partners across the organization to ensure an integrated, proactive defense. You are expected to work independently with minimal supervision, take ownership of security incidents, and provide technical mentorship and training to team members. You will play a key role in shaping the organization's incident response strategy, execution of tabletop exercises, ensure operational resiliency, and the continuous hardening the organization’s overall security posture.
Essential Functions
- Perform advanced digital forensics and incident analysis, including host, network, memory, and log analysis, to determine the root cause, scope, and impact of security breaches.
- Act as the primary technical incident commander during major security events, coordinating cross-functional teams, communication channels, and executive updates.
- Develop, govern, and continuously optimize incident response playbooks, runbooks, and tabletop simulation exercises to ensure organizational readiness.
- Collaborate with the Detection Engineering, Threat Intelligence, and organization stakeholders to translate post-incident findings into proactive detection rules and monitoring controls.
- Author detailed incident post-mortem reports and root-cause analysis documentation for technical teams and executive leadership.
- Conduct post-incident reviews to identify control gaps, procedural bottlenecks, and security weaknesses, translating lessons learned into strategic remediation projects.
- Maintain comprehensive documentation of incident timelines, evidence custody chains, response activities, and compliance metrics.
- Maintain comprehensive documentation of processes and activities.
- Provide technical leadership, guidance, and mentorship to junior and senior incident response analysts and SOC team members.
- Stay abreast of emerging threat actor tactics, techniques, and procedures (TTPs) and regulatory reporting requirements to ensure incident handling processes remain cutting-edge and compliant.
Qualifications
- H.S. Diploma or GED required
- Associate Degree or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems, or related field preferred
- 5+ years of IT or Information Security experience, including 3+ years in Digital Forensics and Incident Response
- Familiarity with MITRE ATT&CK, Cyber Kill Chain, and other threat modeling frameworks preferred
- Experience in scripting, automation (e.g., Python, PowerShell), and AI for security operations preferred
Knowledge, Skills and Abilities
- Deep knowledge of typical IT platforms, operating systems, and configuration methods
- Deep knowledge of security threat tactics, techniques, and procedures (TTPs), incident response methodologies, and detection techniques
- Extensive experience with detection technologies (e.g., IDS/IPS, SIEM) and threat detection practices
- Industry recognized cyber security training or certifications to include SANS, ISC2, EC-Council or CompTIA vendors