Incident Response Engineer

Position: Incident Response Engineer
Reports To: Director, Information Security
Location: New York, NY or Winston-Salem, NC

Position Summary:

The Information Security group is looking for an Incident Response Engineer as a direct report to the Director, Information Security. In this role, the candidate will provide subject matter expertise for their assigned area(s) of responsibility.

The Incident Response Engineer is responsible for all aspects of the Incident Response Plan, Security Monitoring and Threat Intelligence. The engineer detects, prevents, interrupts, stops, documents and communicates risks, threats, events and metrics, and acts as the subject matter expert on the tools used in a typical Security Operations Center or by a Managed Security Service Provider.

This position can be located in Winston-Salem, NC or New York, NY.  


Qualifications Required:

  • Knowledge of ISO 27001, NIST CSF 1.1, CIS, OWASP, FFIEC
  • Knowledge of PCI, PCI DSS, PCI TSP or similar certifications and requirements
  • Knowledge of systems hardening to Industry Standards (DoD, CIS, etc.)
  • Able to automate manual tasks through scripting
  • Manage Case Ticketing and reporting as required
  • Understanding and experience with red-team, blue-team, purple-team and threat hunting processes 
  • Strong Communication Skills
  • Adherence to established Policies, Procedures and Guidelines
  • Continue self-development of knowledge, skills, and abilities
  • Document and communicate incidents, alerts, advisories, and bulletins
  • Primary contact point for everyone who might report potential events

Qualifications Desired:

  • Bachelor's degree in engineering, computer science, or a related field with minimum of 8 years of professional Information Technology experience
  • Information Security Certification(s) that could include CEH, GPEN, CHFI, CFR, CCNA, GCIA, GCIH, GICSP, CCNP Security, GSEC, SSCP, CISSP, and/or similar
  • 5+ years of experience delivering incident response and security monitoring in a Security Operations Center or for an MSSP/MSP
  • Very strong analytical and problem solving skills
  • Ability to work with all levels within the organization
  • Membership in FS-ISAC, FSARC, US-CERT, InfraGard, and similar organizations is desired
  • Prior experience at a Financial organization, SIFMU, or FSARC member is desired

Essential Functions and Responsibilities:

  • Successfully monitor, detect, identify, understand, document and communicate risks, threats, events, and incidents
  • Investigate alerts, reports, logs and indicators across the entire threat spectrum from malware and phishing, to Advanced Persistent Threat groups
  • Understand and implement kill chains and control processes to preemptively, rapidly and completely identify, prevent, interrupt, and stop events and incidents
  • Improve and automate incident response monitoring, alerting, event detection and incident documentation; minimize false positives based on metrics
  • Assess the impact of potentially malicious traffic on technology and of potential intrusions on the network and infrastructure 
  • Identify intrusion activity from alerts and reports correlated across sensors and systems and determine priority for response
  • Understand current vulnerabilities, attacks, and countermeasures
  • Propose additional controls to detect and prevent malicious activity
  • Work with the third-party MSSP and with engineers, analysts, managers and others across the company on monitoring, incidents, detection and prevention
  • Expertly manage SOC tools, endpoint security, firewalls and related technology
  • Expert at prioritization with multiple alerts across complex technology solutions
  • Life-cycle management of security monitoring platforms including SIEM, vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, DLP, CASB, and/or Threat Intelligence tools and processes
  • Expertise with technologies including Linux, Windows, servers, workstations, software, hardware, networking, middleware, on-premises, cloud, and distributed
  • Expertise with malware analysis, threat vectors, and APT Tactics, Techniques, Procedures, and Methodologies; deep understanding of APT IOCs and activities
  • Identify and remediate gaps within a cycle of continuous improvement
  • Understand, manage and share threat intelligence, including manual and automated inputs, OSINT, proprietary feeds, STIX/TAXII feeds and other inputs
  • Perform threat and vulnerability assessment and analysis
  • Perform in-depth analysis in support of network monitoring and incident response operations
  • Manage Threat Monitoring, Threat Intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis
  • Research emerging security threats

Physical Demands and Work Environment:

Work is generally sedentary in nature, but may require standing, walking and lifting up to 50lbs. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.  Travel between offices may be required.

Apply Below*:

  • A letter of interest describing your experience and interest in the position
  • Your resume
  • Names and contact information of three references, or three letters of reference

* Please submit a single application per position.