Cybersecurity Incident Responder

• Medical, dental, and vision plans with no-cost and low-cost options
• Annual employer HSA contribution
• 401(k) matching and immediate vesting
• Vehicle purchase and lease discounts, plus monthly vehicle allowances by job level:

• 100% employer-paid life and disability insurance
• No-cost health and wellbeing programs, including a gym benefit
• Six weeks of paid parental leave
• Paid Volunteer Time Off, plus a company donation to a charity of your choice

Incident Response & Remediation:

• Serve as a lead responder for cybersecurity incidents, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.
• Own the end to end incident lifecycle: identification, containment, eradication, recovery and post incident analysis.
• Perform forensic analysis on endpoint, log and cloud data to determine root cause, scope and impact.
• Develop, maintain an execute incident response playbooks and runbooks to ensure consistent and repeatable response.
• Coordinate and direct MSSP and third party incident responders, validating escalation and ensuring response quality.
• Maintain accurate incident records, investigation notes, and remediation documentation.
• Produce incident metrics and SOC KPI’s (MTTD, MTTR, alert volume, escalation quality)
• Maintain incident response documentation, playbooks, and SOC procedures to support audits and regulatory requirements.
• Lead post incident reviews, documenting lessons learned and driving measurable improvements in detection and response.

Security Monitoring & Threat Detection:

• Actively monitor, investigate and validate security alerts across SIEM, EDR, E-Mail, identity, network and cloud platforms.
• Perform advanced alert triage and threat analysis, correlating telemetry across multiple data sources to distinguish true threats from noise.
• Tune and optimize SIEM detections, analytics and alerting logic and AI, to improve signal quality and reduce false positives.
• Leverage threat intelligence platforms to identify emerging financial sector threats, and translate intelligence into actionable detection use cases.

SOC Tooling & Detection Enablement:

• Develop and refine detection rules, signatures, and alert logic aligned to current threat activity.
• Implement response automation and enrichment to accelerate triage and containment.
• Partner with architecture and engineering teams to ensure log visibility and telemetry coverage.

Cross Functional Response & Security Integration:

• Collaborate with IT Infrastructure, IAM, DLP, Application Security and Cloud teams during active incidents.
• Support vulnerability management activities related to active incidents, threat exposure and detection gaps.
• Provide incident driven security input into cloud migrations, application launches and infrastructure changes.

What You Will Bring

• Minimum 5-7 years progressive experience in cybersecurity with proven knowledge in Security Operations Center practices and incident response processes.
• Experience in financial services a plus.
• Hands-on experience with SIEM platforms, EDR solutions, and other Monitoring and Vulnerability management tools (e.g., Splunk, Crowdstrike, Rapid 7)
• Strong understanding of cyber threat landscapes, attack vectors, MITRE ATT&CK framework, and adversary tactics, techniques, and procedures
• Bachelor’s degree in Computer Science, Information Security, or related field; or equivalent work experience.
• Certification in one of the following: CySA+, GCIH, CompTIA Security +, GIAC GSOC, GCFA, MS SC-200, CCSP, CISM, Splunk Core Certified User, or equivalent.
• Demonstrated hands-on experience in incident response lifecycle, including detection, triage, containment, eradication, recovery, and post-incident review.
• Demonstrated ability to manage major incident investigations, including root cause analysis, executive reporting, and coordination with legal, compliance, and law enforcement when necessary.
• Familiarity with regulatory and compliance frameworks such as HIPAA, PCI-DSS, NIST, ISO 27001, and GDPR.
• Proven ability to develop and maintain incident response playbooks, escalation procedures, and SOC standard operating procedures (SOPs).
• Experience with cybersecurity metrics and KPIs, and the ability to communicate risk and operational performance to executive leadership.
• Analytical mindset with attention to detail.
• Excellent communication and documentation skills.
• Ability to work under pressure and manage multiple incidents simultaneously.
• Passion for continuous learning and staying ahead of emerging threats.