Incident Response Engineer

Position: Incident Response Engineer
Reports To: Director, Information Security
Location: New York, NY; Winston-Salem, NC; or Dallas, TX

Position Summary:

The Clearing House (TCH) Information Security (IS) group, responsible for information security and risk management across TCH, is looking for an Incident Response Engineer.

This is the primary incident responder who detects, prevents, interrupts, stops, documents and communicates risks, threats, events and metrics. This person is responsible for Security Monitoring, Incident Response and Threat Intelligence, and serves as the subject matter expert on the operational tools and processes typically found in Security Operations Centers or at Managed Security Service Providers.

Qualifications Required:

  • Must be a skilled, expert Security Monitoring and Incident Response Engineer.
  • Secondary skills with vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, and signature development are highly desired.
  • Significant experience with Linux and Windows operating systems, and knowledge of virtual environments, malware analysis and APT methodologies.
  • Candidate should have broad technical knowledge of a number of security technologies and a solid understanding of information and network security.
  • Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
  • Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of professional Information Technology experience.
  • Information Security certification(s), which could include CEH, CHFI, CFR, CCNA, GCIA, GCIH, GICSP, CCNP Security, GSEC, SSCP, CISSP, and/or similar.
  • Candidate requires 5+ years of experience delivering incident response and security monitoring in a Security Operations Center or for an MSSP/MSP.
  • Very strong analytical and problem-solving skills.
  • Ability to work with all levels within the organization.

Qualifications Desired:

  • Membership with FS-ISAC, FSARC, US-CERT, InfraGard, and other relevant forums is desired
  • Prior experience at a financial organization, SIFMU, or FSARC member is desired
  • Knowledge of ISO 27001, NIST CSF 1.1, CIS, OWASP, FFIEC
  • Knowledge of PCI, PCI DSS, PCI TSP or similar certifications and requirements
  • Knowledge of systems hardening to industry standards (DoD, CIS, etc.)
  • Able to script automated tasks
  • Manage case ticketing and reporting as required
  • Understanding of and experience with red-team, blue-team, purple-team and threat hunting processes
  • Strong communication skills
  • Strong analytical and problem-solving skills
  • Ability to work with all levels of the organization

Essential Functions and Responsibilities:

Incident Response Skills

  • Successfully monitor, detect, identify, understand, document and communicate risks, threats, events, and incidents.
  • Investigate alerts, reports, logs and indicators across the entire threat spectrum, from malware and phishing to Advanced Persistent Threat groups.
  • Understand and implement kill chains and control processes to preemptively, rapidly and completely identify, prevent, interrupt, and stop events and incidents.
  • Improve and automate incident response monitoring, alerting, event detection and incident documentation. Minimize false positives based on metrics.
  • Assess the impact of potentially malicious traffic on technology and of potential intrusions on the network and infrastructure.
  • Identify intrusion activity from alerts and reports correlated across sensors and systems, and determine priority for response.
  • Understand current vulnerabilities, attacks, and countermeasures.
  • Propose additional controls to detect and prevent malicious activity.
  • Work with the third-party MSSP and other company-wide engineers, analysts, managers and others on monitoring, incidents, detection and prevention.

Security Monitoring Skills

  • Expertly manage SOC tools, endpoint security, firewalls and related technology.
  • Expert at prioritization across multiple alerts spanning complex technology solutions.
  • Life-cycle management of security monitoring platforms including SIEM, vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, DLP, CASB, and/or threat intelligence tools and processes.
  • Expertise with technologies including Linux, Windows, servers, workstations, software, hardware, networking, middleware, and on-premises, cloud, and distributed environments.
  • Expertise with malware analysis, threat vectors, and APT Tactics, Techniques, Procedures, and Methodologies. Deep understanding of APT IOCs and activities.
  • Identify and remediate gaps within a cycle of continuous improvement.

Threat Intelligence and Analysis Skills:

  • Primary Threat Intelligence Engineer, taking in, analyzing, organizing, communicating and using threat intelligence for TCH.
  • Understand, manage and share threat intelligence, including manual and automated inputs, OSINT, proprietary feeds, STIX and TAXII, and other inputs.
  • Perform threat and vulnerability assessment and analysis.
  • Perform in-depth analysis in support of network monitoring and incident response operations.
  • Manage threat monitoring, threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis.
  • Research emerging security threats.
  • Adhere to established policies, procedures and guidelines.
  • Continue self-development of knowledge, skills, and abilities.
  • Document and communicate incidents, alerts, advisories, and bulletins.
  • Primary point of contact for everyone who might report potential events.

Physical Demands and Work Environment:

Work is generally sedentary in nature, but may require standing, walking and lifting up to 50 lbs. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available. Travel between offices may be required.

Apply Below*:

  • A letter of interest describing your experience and interest in the position
  • Your resume
  • Names and contact information of three references, or three letters of reference

* Please submit a single application per position.