Incident Response Engineer

Role Summary:

This is a front-line monitoring role, part of the team responsible for triaging and addressing security alerts.
The role involves investigating cues from multiple sources (e.g., alerts, security tools, Slack messages, etc.).
Candidates must be flexible to cover shift gaps as needed.
Approx. 95% of hours will be regular, but availability for off-hours or rotation is important.

Must-Have Skills:

Experience working in an in-house Security Operations Center (SOC) or security team.
Ability to address real-time security incidents and follow through on alerts.
Familiarity with security operations, cyber threat hunting, and cybersecurity risk identification.
Stability and flexibility
Missing shift then will be fired
Querying (SQL and SPO language) and technical exp in big data – creating scripts
Must be willing to perform shift work, weekends, and holidays as well as participate in a rotating shift consisting of four (4) 10-hour shifts with four days on, three (3) days off and possible rotations across Day, Swing, and Graveyard shifts as needed

Strong understanding of:

Application security
Information security engineering
Big data log analysis
Cyber threat intelligence

Preferred Background:

Manager prefers candidates with a developer background over a traditional analyst.
Titles like Application Security Developer or Information Security Engineer are strong fits.
Experience as a Cyber Threat Analyst, Cyber Operations Analyst, or Cybercrime Analyst is also relevant.
AI experience
Pen testing or Red Teaming

Nice to Have:

Digital forensics skills
Familiarity with log analysis at scale
Background in cybercrime investigations

Not a Match:

Candidates from MSSPs (managed security service providers) or external security vendors who haven't worked in-house at an enterprise SOC
Candidates who are purely analysts with no exposure to application-level security or internal tooling
Not a role for Architects