Incident Response Engineer ( IR Engineer ) - Vertex Global Solutions

Our client, one of New York's leading academic health systems, is looking for an Incident Response Engineer (Specializing in Incident Response Tools Management) for a remote position.

Job Title: Incident Response Engineer (Specializing in Incident Response Tools Management)
Salary: $170,000.00/YR
Position: Direct Hire
Location: Remote
Department: Information Security
Reports To : Director of Cybersecurity

The Incident Response Engineer, with a specialization in Incident Response Tools Management, is a key leader within the cybersecurity team responsible for the deployment, configuration, and optimization of tools used to detect, investigate, and respond to security incidents. This role involves ensuring that the incident response tools are properly integrated, maintained, and leveraged to enhance the organization's ability to respond to threats effectively. The Incident Response Engineer collaborates with various teams to optimize the use of these tools, provide guidance on tool capabilities, and ensure the organization's incident response capabilities are cutting-edge.

Key Responsibilities:

• Oversee the selection, implementation, and management of incident response tools such as Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR) solutions, Intrusion Detection Systems (IDS), and forensic tools.
• Ensure tools are configured to capture the necessary data for effective incident detection and response.
• Regularly review and update tool configurations to align with emerging threats and organizational needs.
• Lead the integration of incident response tools with other security systems and platforms within the organization.
• Optimize the performance of these tools to enhance the detection and response to security incidents.
• Develop and implement best practices for the use of incident response tools across the cybersecurity team.
• Utilize incident response tools to detect, investigate, and respond to security incidents.
• Conduct in-depth analysis using SIEM, EDR, and other tools to identify the root cause of incidents and determine the appropriate remediation actions.
• Lead efforts to automate incident response processes using scripting and tool capabilities.
• Ensure that all incident response tools are up-to-date with the latest patches, updates, and configurations.
• Manage tool licenses, renewals, and vendor relationships.
• Plan and execute upgrades or migrations to new tools as needed.
• Work closely with security operations, vulnerability management, and IT teams to ensure the effective use of incident response tools.
• Provide training and guidance to junior team members and other stakeholders on the use of these tools.
• Stay informed on the latest developments in incident response technology and share insights with the broader cybersecurity team.
• Continuously improve incident response processes by leveraging tool capabilities and identifying opportunities for automation.
• Participate in post-incident reviews to evaluate the effectiveness of tools and make recommendations for improvements.
• Develop and maintain documentation related to the configuration and use of incident response tools.
• Ensure that the use of incident response tools complies with legal, regulatory, and organizational policies.
• Generate reports on tool performance, incident response metrics, and tool effectiveness.
• Assist in audits and assessments related to incident response tool management.
• Required Skills and Knowledge:
• Extensive experience with incident response tools such as SIEM (e.g., Splunk, QRadar, Microsoft Sentinel), EDR (e.g., CrowdStrike, Carbon Black), IDS/IPS (e.g., Snort, Suricata), and forensic tools (e.g., EnCase, FTK).
• Strong understanding of cybersecurity concepts, including network security, endpoint security, and threat detection.
• Proficiency in scripting languages (e.g., Python, PowerShell) for tool automation and integration.
• Demonstrated experience in deploying, configuring, and managing incident response tools in a large, complex environment.
• Ability to optimize tools for performance, including tuning alerts, refining rules, and integrating with other security systems.
• Knowledge of best practices for incident response tool management and the ability to implement these practices across the organization.
• Strong analytical skills to interpret data from various tools and identify patterns indicative of security incidents.
• Ability to troubleshoot issues with tools and resolve them in a timely manner.
• Experience in conducting root cause analysis and forensic investigations using incident response tools.
• Excellent written and verbal communication skills, with the ability to explain complex technical concepts to non-technical stakeholders.
• Strong collaboration skills to work effectively with cross-functional teams, including IT, legal, and compliance.
• Ability to develop and deliver training on the use of incident response tools to team members and other stakeholders.
• Proven ability to lead initiatives related to tool management and optimization within the incident response team.
• Experience mentoring and guiding junior engineers in the use of incident response tools and best practices.

Required Experience:

• Experience: 5-7 years of experience in cybersecurity, with a focus on incident response and incident response tool management.
• Experience in Tool Management: Hands-on experience in managing, configuring, and optimizing incident response tools in a large-scale environment.
• Experience in Incident Response: Extensive experience in responding to and managing complex security incidents using a variety of tools.

Education:

• Bachelor's degree or equivalent experience in Computer Science, Information Security, Cybersecurity, or a related field.
• Preferred: Master's Degree in Cybersecurity or related discipline.

Certifications (Preferred but not required):

• Certified Incident Handler (GCIH)
• Certified Computer Security Incident Handler (CSIH)
• Certified Forensic Computer Analyst (CFCA)
• GIAC Reverse Engineering Malware (GREM)
• EC-Council Certified Incident Handler (ECIH)
• EC-Council Certified Network Defender (CND)
• SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Auditor (CISA)

Personal Attributes:
Attention to Detail: Strong focus on accuracy and precision in managing and configuring security tools.
Proactive Mindset: Ability to anticipate potential threats and take preemptive action through effective tool management.
Resilience: Ability to work under pressure and manage multiple tasks simultaneously.