Cyber Incident Responder

Job Title: Cyber Incident Responder

Contract Duration: 1 year, possible extension

Location: St. Paul, MN

Work Arrangement: Onsite

Pay Range: $42.00-$47.00/hour

• Responsible for investigating, analyzing, and responding to security incidents across the organizations environment.
• Leads or executes complex incident response activities, adapts standard procedures to evolving threats.
• Plays a critical role in protecting the organizations technology assets by identifying, analyzing, and responding to cybersecurity threats that may result in unauthorized access, misuse, or disruption of services.

• Monitor security alerts and events from various tools (SIEM, EDR, IDS/IPS, etc.) to identify potential incidents.
• Perform triage, correlation, and in-depth analysis of security events, including indicators of compromise (IOCs), malware activity, phishing attempts, and suspicious network behavior.
• Conduct forensic analysis on systems, networks, and endpoints to determine root cause and scope of incidents.
• Develop and implement response strategies to mitigate immediate threats and prevent recurrence.
• Support the implementation, tuning, and monitoring of security tools such as SIEM, EDR, firewalls, and intrusion detection systems.
• Ensure security controls are effectively detecting and preventing malicious activity.
• Validate and enhance alerting mechanisms to reduce false positives and improve detection accuracy.
• Document incidents thoroughly, including timelines, impact assessments, and remediation actions.

• Accountable for timely detection, analysis, and response to cybersecurity incidents to minimize organizational risk and business disruption.
• Works under moderate supervision but exercises independent judgment when handling incidents and escalating issues.
• Responsible for maintaining the confidentiality, integrity, and availability of organizational systems and data.
• Collaborates cross-functionally with IT, network, security engineering, and business teams during incident response activities.
• Contributes to continuous improvement of incident response processes, playbooks, and detection capabilities.
• Ensures compliance with internal security policies, standards, and regulatory requirements.

• Bachelor's degree in Information Technology or similar area; or equivalent work experience.

• 3 years of technical experience in a Security Operations Center (SOC), incident response, or cybersecurity-related role.
• Demonstrated experience with security monitoring and investigation tools (e.g., SIEM such as Splunk, EDR platforms, email security tools).
• Strong understanding of network protocols, operating systems, enterprise security controls and frameworks such as MITRE ATT&CK.