Sr. Security Engineer (Digital Forensic and IR Analyst)
Hyderabad, India
Blue Yonder
Transforming supply chains through an end-to-end platform for planning, execution, commerce and returns.
Job Summary:
We are seeking an experienced Incident Response (IR) Lead with 5 to 7 years of hands-on experience in cybersecurity operations, incident handling, and threat management. The ideal candidate will be responsible for leading security incident investigations, coordinating response efforts, and enhancing the organization’s cyber resilience. This role requires a deep understanding of security technologies, attack techniques, and frameworks such as NIST, MITRE ATT&CK, and ISO 27001.
Key Responsibilities:
Incident Handling & Response:
- Lead the end-to-end incident response lifecycle, including detection, containment, eradication, and recovery.
- Analyze and investigate security alerts, correlating logs and threat intelligence to assess impact.
- Conduct forensic analysis on compromised systems and networks to determine the root cause.
- Collaborate with cross-functional teams to contain and mitigate security incidents.
- Develop detailed post-incident reports (PIRs) and lead incident debrief sessions.
Threat Intelligence & Hunting:
- Utilize threat intelligence feeds, MITRE ATT&CK, and SIEM correlation rules to proactively identify threats.
- Conduct threat-hunting exercises to detect anomalies and suspicious activities.
- Maintain awareness of the latest TTPs (Tactics, Techniques, and Procedures) used by threat actors.
Security Operations & Automation:
- Work closely with SOC analysts to enhance detection and response capabilities.
- Implement automation and SOAR playbooks to improve response time and reduce manual efforts.
- Fine-tune SIEM detection rules, alerts, and logging mechanisms to reduce false positives.
Compliance & Reporting:
- Ensure compliance with industry standards and regulatory requirements (NIST, ISO 27001, GDPR, etc.).
- Assist in audit and compliance efforts related to security incident management.
- Prepare executive-level reports on IR metrics, trends, and response effectiveness.
Required Skills & Qualifications:
- 5 to 7 years of experience in Incident Response, Security Operations (SOC), or Threat Intelligence.
- Strong knowledge of EDR, SIEM (Splunk, Microsoft Sentinel, or similar), SOAR, IDS/IPS, and forensic tools.
- Hands-on experience with malware analysis, digital forensics, and reverse engineering.
- Familiarity with frameworks like MITRE ATT&CK, NIST CSF, CIS Controls, and ISO 27001.
- Proficiency in log analysis, network security monitoring, and packet analysis (Wireshark, Zeek, etc.).
- Strong scripting skills in Python, PowerShell, or Bash for automation and threat hunting.
- Excellent communication skills to interact with stakeholders, executives, and technical teams.
- Security certifications such as GCFA, GCIH, CISM, CISSP, or CEH are preferred.
Preferred Qualifications:
- Experience in cloud security (Azure, AWS, GCP) incident response.
- Exposure to Red Team / Blue Team methodologies.
- Knowledge of MITRE D3FEND and adversary emulation techniques.
Why Join Us?
- Opportunity to lead high-impact security investigations in a dynamic environment.
- Work with a team of skilled cybersecurity professionals.
- Competitive compensation and growth opportunities in cybersecurity leadership.
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Perks/benefits: Competitive pay Startup environment