Security Incident Responder

Description

Job Description

Snowbit is looking for an experienced Security Incident Responder to join our Managed Detection and Response (MDR) team. This role requires expertise in incident response, threat hunting, and forensic investigations, with a strong emphasis on cloud environments and Kubernetes. You will lead efforts to protect our customers from advanced cyber threats while contributing to the continuous improvement of Snowbit’s methodologies, processes, and technology stack.

Requirements

What You’ll Do:

• Leverage Snowbit’s advanced MDR platform to lead large-scale incident response investigations and proactive threat-hunting initiatives.
• Conduct log analysis, and cloud artifact reviews using EDR and similar tools depending on availability, to support incident resolution and root-cause investigations.
• Investigate and respond to security incidents in containerized environments, with a specific focus on Kubernetes security and architecture.
• Research evolving cyberattack tactics, techniques, and procedures (TTPs) to strengthen customer defenses and codify insights for our services.
• Provide technical and executive briefings to customers, including recommendations to mitigate risk and enhance cybersecurity posture.
• Collaborate with internal teams, including engineering and research, to enhance Snowbit’s MDR and incident response capabilities.
• Partner with customer teams (IT, DevOps, and Security) to ensure seamless integration and adoption of Snowbit’s MDR services.
• Share expertise through presentations, research publications, and participation in the global cybersecurity community.

Experience: 

• 3-5 years in incident response, threat hunting with strong experience in cloud security (AWS, Azure, GCP) and Kubernetes environments.
• Proven Incident response experience in complex environments.

Technical Skills:

• Demonstrates strong expertise in understanding adversary tactics and techniques, translating them into actionable investigation tasks, conducting in-depth analysis, and accurately assessing the impact.
• Familiarity with attack vectors, malware families, and campaigns.
• Deep understanding of network architecture, protocols, and operating system internals (Windows, Linux, Unix).
• Expertise in Kubernetes security, including container orchestration, workload isolation, and cluster hardening.
• Experience securing Kubernetes infrastructure, runtime security, and security monitoring.

Problem-Solving: 

• Ability to work independently and collaboratively in dynamic, fast-paced environments.

Communication: 

• Excellent written and verbal communication skills to interact with technical and non-technical stakeholders.

Preferred Skills:

• Scripting skills (e.g., Python, PowerShell)
• Experience with Red Team operations, penetration testing, or cyber operations.
• Hands-on knowledge of attack frameworks (e.g., MITRE ATT&CK, Metasploit, Cobalt Strike).
• Proficiency in host forensics, memory forensics, and malware analysis.