Cyber Incident Response Engineer II

2 days ago Be among the first 25 applicants

The Cyber Incident Response (IR) Engineer role is critical in detecting, investigating, and responding to cybersecurity threats across the enterprise. This role supports and leads security operations through proactive threat hunting, tool development, forensics, and containment. The engineer collaborates across a broad range of security technologies, cloud environments, and detection platforms.

• Designs, implements, and conducts the operation of IR operations tools including logging, SIEM, EDR, UEBA, SOAR etc.
• Evaluates and proposes new security solutions for IR operations.
• Investigates and presents recommendations to the security manager and various levels of management regarding protection of computing resources and information assets.
• Builds & updates playbooks/SOAR automations, etc.
• Assists with monitoring escalations from analysts and provides technical input during investigations.
• Performs proactive threat hunting to identify potential threats or anomalous behavior.
• Leverages MITRE ATT&CK framework to provide security monitoring recommendations and improvements.
• Participates in rotation of 24/7/365 on call coverage.
• Leads tactical project initiatives including design of solutions in conjunction with management and other cyber defense team members.
• Assists in the operational support for security technologies in defense against modern cybersecurity threats.
• Responds to requests within defined SLAs relating to various information security systems, programs, and processes.
• Enforces information security policies, standards, and procedures and investigates possible security exceptions.
• Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.
• Consults on the integration of cyber defense tools and appropriate controls into new and existing systems and applications.
• Assists in internal and external audits, self-assessments, and risk reviews for security processes.
• Hardens the operational security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessment.
• Participates in incident response activities, including containment, triage, and root cause analysis.
• Research, design and integrate new operational security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy.
• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
• Regular and reliable attendance is expected and required.
• Performs other functions as assigned by management.

• Acts as a technical lead and provides mentoring, training, and technical support to engineers and analysts.
• Hardens security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessments.
• Serves as the technical escalation point for complex incidents and operational challenges.
• Designs and leads threat hunting engagements and proactively identifies advanced threats.
• Leads the blue team side of purple team exercises to validate and improve detection and response capabilities. Leads cyber defense incident response activities end to end.
• Performs as the subject matter expert for more than three information security technology, processes, and practices internally to the Health Plan.
• Provides advanced technical expertise and process improvement support.
• Designs and implements automated solutions for common security administration tasks.

NOTE:

We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities.

• Five (5) years of related work experience.
• Bachelor's degree in computer science, information technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience are required.
• Hands on experience with the following operating systems preferred:
  Windows, and UNIX (Linux, AIX, Solaris, etc.).
• Strong knowledge of several concepts and/or tools listed:
  Cloud infrastructure services, including IaaS, PaaS, and SaaS models.
• Intermediate knowledge of network and application security, including firewalls and web application firewalls (e.g., Palo Alto Networks, Imperva).
• Experience and knowledge of identity and access management systems, including Active Directory, Entra , LDAP, and various authentication protocols.
• Knowledge of endpoint protection and antivirus solutions.
• Demonstrated experience…