×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Senior Cyber Incident Responder

Job in O'Fallon, St. Charles County, Missouri, 63366, USA
Listing for: Gainwell Technologies
Full Time position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well‑being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You’ll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance.

We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

The Senior Cyber Incident Responder is a senior‑level, hands‑on responder responsible for leading and executing incident response activities. This role investigates security alerts and confirmed incidents, performs rapid triage and containment, drives eradication and recovery actions, and produces high‑quality incident documentation suitable for technical, executive, and regulatory audiences.

This position requires strong technical depth across endpoint, network, and identity‑focused incidents, expert‑level analytical skills, and the ability to coordinate responders and stakeholders under time pressure. The Senior Cyber Incident Responder works closely with the SOC, Vulnerability Management, Threat Intelligence, IT Operations, and engineering teams to reduce dwell time, prevent recurrence, and continuously improve detection and response capabilities.

Your role in our mission
  • Incident Triage, Investigation, and Leadership
  • Lead investigations from initial alert through closure, including validation, scoping, evidence collection, and root cause analysis.
  • Act as an incident lead for medium‑to‑high severity events by coordinating technical responders, maintaining timelines, and driving decisions to completion.
  • Containment, Eradication, and Recovery Coordination
  • Execute rapid containment actions in partnership with IT and security engineering teams (e.g., isolate endpoints, disable accounts, block IOCs, segment network access, revoke tokens).
  • Drive eradication plans to remove persistence mechanisms, remediate compromised systems, and validate successful cleanup.
  • Digital Forensics and Evidence Handling
  • Collect and preserve evidence in a defensible manner (logs, endpoint artifacts, memory/disk captures where appropriate, authentication records, network telemetry).
  • Analyze endpoint and network indicators to determine initial access vector, lateral movement, privilege escalation, and data access/exfiltration risk.
  • Threat Intelligence and Adversary Tracking
  • Integrate threat intelligence (e.g., commercial feeds and OSINT) to enrich investigations with context on active exploitation and adversary tradecraft.
  • Produce and operationalize IOCs and detection logic based on observed activity and intelligence‐driven hypotheses.
  • Detection Improvement and Preventative Controls
  • Translate incident learnings into durable improvements: detection rules, correlation searches, SIEM content, alert tuning, and response playbooks.
  • Partner with Vulnerability Management and engineering teams when incidents are linked to exploitable vulnerabilities or misconfigurations (e.g., prioritizing patching/hardening actions).
What We're Looking For
  • 7–10+ years of overall IT/security experience, including 4–6+ years in incident response, SOC, threat hunting, or security operations.
  • Demonstrated experience leading investigations across common incident types (credential theft, malware/ransomware, web exploitation, data exposure, cloud/identity abuse).
  • Strong working knowledge of:
    • Enterprise logging and detection (e.g., Splunk or similar SIEM)
    • Incident workflow/case management (e.g., Service Now or comparable platforms)
    • Identity and access patterns (AD/Azure AD concepts, authentication logs, privilege pathways)
    • Network security fundamentals (firewalls, proxies, segmentation, VPN access patterns)
  • Proven ability to analyze log sources and security telemetry to reconstruct attack paths and identify blast radius.
  • Working knowledge of industry frameworks and standards such as NIST 800‑61 (Incident Response), MITRE ATT&CK, and common secure operations practices.
  • Strong…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search