One Source Communications, LLC

Incident Response Security Engineer

Job Locations: US
ID: 2025-1721
Category: Cyber Security
Type: Regular Full-Time

Overview

We are looking for a highly capable Incident Response Security Engineer to join our engineering team. This role blends deep technical skills with strategic execution to lead incident response efforts, develop resilient infrastructure, and strengthen our overall security posture. You will work directly with the customer and act as the main liaison and IR Lead throughout the incident. You may also work collaboratively with software, infrastructure, and other security engineers during the engagement. Developing and maintaining positive professional relationships with our clients is paramount. You'll work collaboratively with software, infrastructure, and security engineers to proactively reduce risk and react decisively when incidents occur.

As part of the engineering organization, you’ll also help shape the security tooling stack, integrate secure practices into infrastructure and application design, and contribute to the long-term roadmap for scalable, automated, and modern security operations.

Responsibilities

Incident Response & Recovery

  • Lead and coordinate the full lifecycle of security incidents—detection, containment, remediation, recovery, and post-incident analysis.
  • Develop and maintain playbooks and execution guides to ensure efficient and repeatable response processes.
  • Conduct forensic investigations and analyze attacker tactics to improve defenses.
  • Collaborate with legal, executive, and technical stakeholders during response and communications.

Security Engineering & Architecture

  • Design and implement secure network and identity architectures, including segmentation strategies, firewalls, and access controls.
  • Implement and enforce hardening standards across Windows and Unix endpoints.
  • Engineer host and network-level defenses, such as application allowlisting, Credential Guard, Device Guard, and PAM practices.
  • Assist in deploying and managing cloud security controls in AWS, Azure, and/or GCP environments.

Tooling, Automation & Monitoring

  • Operate and enhance security tooling (Stellar Cyber, Sentinel One, EDR, ELK, Syslog, Email Threat Protection, honeypots).
  • Use and tune SIEM and SOAR platforms for proactive detection, correlation, and automated response.
  • Develop scripts and automation using PowerShell, Python, or Terraform to streamline IR, detection, and hardening efforts.

Proactive Defense & Vulnerability Management

  • Conduct security assessments and internal audits to identify weaknesses and recommend solutions.
  • Contribute to the vulnerability management lifecycle, from discovery through remediation and tracking.
  • Engage in penetration testing, red team/blue team exercises, and threat modeling.

Cross-Functional Collaboration

  • Partner with engineering teams to bake security into infrastructure-as-code, CI/CD pipelines, and platform architecture.
  • Work with client teams (if applicable) to scope engagements and execute remediation collaboratively.
  • Mentor junior engineers and elevate overall security awareness across the organization.

Strategic Initiatives

  • Help define and execute a multi-year roadmap for incident response and security engineering maturity.
  • Evaluate and pilot new technologies and platforms to increase SOC capabilities and reduce detection gaps.
  • Contribute to improving internal methodologies, documentation, and engineering workflows.

Qualifications

  • 5+ years of experience in incident response, cybersecurity engineering, or SOC leadership.
  • Proficiency in incident response methodologies, root cause analysis, and post-incident documentation.
  • Strong technical depth in:
    • Active Directory, IAM protocols (SAML, OAuth, LDAP)
    • Operating systems (Windows, Unix/Linux)
    • Cloud environments (Azure, AWS, GCP)
    • Networking concepts, VPNs, VLANs, IDS/IPS, TLS
  • Experience with Trellix, Sentinel One, ELK, EDR, SIEM, SOAR, and related tools.
  • Fluency in scripting (e.g., Python, PowerShell) and experience with automation tools (Ansible, Terraform).
  • Excellent communication skills with both technical and non-technical stakeholders.

Preferred Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field.
  • Industry certifications such as CISSP, GCIH, CISM, CEH, or Security+.
  • Prior experience in an engineering-heavy organization with cross-functional incident response.
  • Demonstrated leadership in incident coordination or security operations tooling development.
