Industry Type:
IT / Software Dev
Job Detail:
Job Summary
We are seeking a highly skilled Incident Responder with expertise in MITRE ATT&CK 7+ years, NIST Cybersecurity Framework (CSF), and Detection Engineering to strengthen our cybersecurity defense and response capabilities. This role requires hands-on experience with SIEM, SOAR, EDR, and email security tools to detect, investigate, and respond to security incidents. The ideal candidate will have deep technical knowledge of security operations, threat detection, and incident handling, as well as a strong ability to collaborate with internal teams to enhance the organization’s security posture.
Key Responsibilities
Incident Detection & Response
- Monitor, investigate, and respond to security incidents in real-time using SIEM, EDR, and SOAR tools.
- Conduct deep-dive forensic investigations on endpoint, network, cloud, and email security incidents.
- Apply the MITRE ATT&CK framework to map threats and develop effective detection and response strategies.
- Utilize Proofpoint and other email security solutions to analyze phishing, malware, and BEC (Business Email Compromise) attacks.
- Work with threat intelligence sources to correlate threat actor activity and improve response capabilities.
- Perform root cause analysis (RCA) on security incidents and document findings for continuous improvement.
Detection Engineering & Security Tool Optimization
- Develop, tune, and optimize SIEM detection rules, correlation alerts, and use cases to improve threat visibility.
- Automate security operations workflows using SOAR to enhance response efficiency.
- Fine-tune EDR policies and response playbooks for improved threat containment and eradication.
- Collaborate with red and blue teams to enhance threat-hunting capabilities and improve detection coverage.
Threat Intelligence & Security Framework Alignment
- Leverage threat intelligence and behavioral analytics to proactively detect and mitigate emerging threats.
- Align incident response processes with NIST CSF, MITRE ATT&CK, CIS, and other industry best practices.
- Work closely with security leadership to improve overall SOC maturity and response strategies.
Collaboration & Continuous Improvement
- Partner with IT, security engineers, and business units to strengthen security defenses.
- Conduct tabletop exercises, purple team engagements, and post-incident reviews to improve detection and response processes.
- Provide training and knowledge-sharing sessions to enhance incident response capabilities within the organization.
- Maintain up-to-date knowledge of cyber threats, vulnerabilities, and attacker TTPs (Tactics, Techniques, and Procedures).
Qualifications & Skills
Required:
- 3+ years of experience in incident response, cybersecurity operations, or SOC roles.
- Strong expertise in MITRE ATT&CK, NIST CSF, and detection engineering methodologies.
- Hands-on experience with SIEM tools 7+ years(Sumo Logic, Splunk, Sentinel, QRadar, or similar) for log analysis and threat detection.
- Expertise in EDR solutions 7+(SentinelOne, CrowdStrike, Carbon Black, or equivalent) for endpoint threat detection and response.
- Experience with SOAR platforms4+ (Phantom, XSOAR, Microsoft Sentinel, etc.) for security automation and orchestration.
- Knowledge of email security solutions (Proofpoint, Mimecast, etc.) for phishing and email threat mitigation.
- Strong analytical and problem-solving skills, with the ability to investigate security events thoroughly.
- Excellent communication skills, with experience in writing incident reports and presenting findings to stakeholders.
Preferred:
- Security certifications such as GCIH, GCFA, CISSP, CEH, or Splunk Certified Security Analyst.
- Experience working with cloud security incident response (AWS, Azure, GCP).
- Knowledge of scripting for security automation (Python, PowerShell, Bash).
- Familiarity with threat-hunting techniques and purple teaming methodologies.
