Responsibilities

Responsibilities

· Investigate and respond to security incidents to contain threats and minimize business

impact.

· Analyze security alerts and events from SIEM (e.g., Rapid7 InsightIDR) and EDR platforms

(e.g., SentinelOne Deep Visibility).

· Conduct in-depth investigations across logs, endpoints, and networks using tools such as FTK

Imager, Autopsy, Velociraptor, Volatility, Zeek, or Security Onion.

· Utilize supporting tools (Arkime, NetworkMiner, Process Explorer, Event Log Explorer) to

perform forensic and network analysis.

· Lead containment, eradication, and remediation actions in collaboration with IT and business

stakeholders.

· Document incident timelines, investigation steps, and lessons learned in post-incident

reports.

· Develop and refine incident response playbooks, detection rules, and process improvements.

· Support proactive threat hunting activities to identify undetected malicious behavior.

· Apply relevant threat intelligence to strengthen detection and response capabilities. · Stay up to date with evolving attack techniques, vulnerabilities, and defensive best practices. · Linux and Windows server engineering experience. · Experience maintaining logging and SIEM environments such as Rapid7 Nexpose, Splunk, ELK, or LogRhythm.

Basic Qualifications

· Bachelor’s degree in information security or relevant work experience

· Operates independently and works well in a team environment

· Proficiency using Microsoft Office applications (Excel, Word, PowerPoint) and Google Suites

· Use discretion and judgment in handling confidential and sensitive information

· Ability to apply judgment and strategic thinking skills to meet team objectives

· Maintain a current understanding of relevant third-party risk management best practices and

regulations

Preferred Characteristics

· Excellent problem-solving skills and attention to detail.

· Strong communication and collaboration skills.

· Ability to manage multiple tasks and projects effectively.