Senior Security Engineer – Incident Response
Overview
Join our dynamic cybersecurity team as a Senior Security Engineer specializing in Incident Response. In this role, you will be responsible for leading real-world incident investigations, helping organizations respond to security events, and strengthening their ability to detect and handle attacks in the future.
You will work directly with engineering and security teams to investigate incidents, guide containment and remediation efforts, and identify gaps in detection, logging, and response processes. In addition to responding to incidents, this role includes helping organizations improve incident readiness through tabletop exercises, runbook development, and targeted security testing designed to simulate realistic attacker behavior.
This is a hands-on role suited for someone who enjoys both defensive and offensive security work and is comfortable operating in fast-paced environments where clear thinking and strong communication are critical.
Duties
- Lead incident response efforts by identifying, analyzing, and mitigating cybersecurity threats across diverse IT infrastructure environments.
- Investigate suspected or confirmed security incidents including identity compromise, endpoint intrusion, malware activity, cloud account compromise, and data exfiltration scenarios.
- Analyze security telemetry such as endpoint detection logs, identity provider logs, and cloud audit logs to determine attacker activity and potential impact.
- Guide organizations through containment, eradication, and recovery decisions during active security incidents.
- Develop and refine incident response processes including escalation workflows, response procedures, communication plans, and incident response runbooks.
- Assist organizations in implementing incident notification and on-call response processes to ensure rapid engagement during security events.
- Conduct tabletop exercises based on realistic attack scenarios to validate response procedures and organizational readiness.
- Perform scoped penetration testing, red team, or purple team exercises designed to simulate specific attacker techniques or attack paths defined by the client.
- Identify gaps in security visibility, detection capabilities, and response processes based on findings from incident investigations or testing activities.
- Provide detailed technical reports and remediation recommendations following investigations, testing engagements, or readiness exercises.
- Collaborate with engineering and security leadership to improve security architecture, logging strategy, and incident preparedness.
- Support incident recovery processes and document lessons learned to strengthen future response efforts.
Skills
- Strong knowledge of cybersecurity incident response, threat detection, and investigation techniques.
- Experience analyzing logs and telemetry from sources such as EDR platforms, identity providers, cloud audit logs, and SIEM systems.
- Understanding of attacker techniques including credential theft, lateral movement, persistence mechanisms, and data exfiltration.
- Experience performing penetration testing, adversary simulation, or red/purple team engagements.
- Experience investigating incidents in cloud environments such as AWS.
- Solid understanding of computer networking concepts including TCP/IP, DNS, routing, and common enterprise network architectures.
- Experience working with operating systems including Linux and Windows and understanding host-based security concepts.
- Familiarity with identity and access management systems such as Active Directory, SSO platforms, and cloud identity providers.
- Experience writing scripts or automation tools using languages such as Python, Bash, or similar.
- Strong written and verbal communication skills with the ability to explain complex security issues to both technical and non-technical stakeholders.
- Ability to operate independently, prioritize during high-pressure situations, and communicate clearly during active security incidents.
- Experience working in consulting or client-facing environments is a strong plus.
Pay: $55.00 - $65.00 per hour
Work Location: Remote