Security Specialist - Incident.io

Find Your Next Career Adventure at Executive Operations

We are seeking a skilled Security Specialist to own the configuration, optimization, and integration of incident.io and a suite of core security tools across our environment. This role sits at the intersection of security engineering and operations, ensuring our incident management platform is tuned for rapid response and that our security toolstack — spanning endpoint, email, DNS, identity, and SIEM — is consistently configured, monitored, and improved.

The ideal candidate is hands‑on, detail‑oriented, and comfortable managing multiple security platforms simultaneously. You will serve as the subject‑matter expert for incident.io and act as a force multiplier for the security team by reducing alert fatigue, automating response workflows, and producing actionable documentation for both internal and stakeholder audiences.

Deploy, configure, and maintain incident.io as the primary incident management platform across internal environments.

Design and manage incident workflows, severity tiers, escalation paths, and on‑call schedules.

Build and refine incident templates, runbooks, and post‑incident review (PIR) processes within incident.io.

Integrate incident.io with alerting sources (Microsoft Defender, Crowd Strike, Cloudflare) and communication platforms (Slack, Microsoft Teams).

Develop automation rules and triggers to reduce manual triage effort and accelerate MTTD and MTTR metrics.

Monitor platform health, manage user roles and permissions, and produce incident trend reports for leadership review.

Security Tool Configuration & Operations

Administer different security platform settings including endpoint protection, email security, and cloud app coverage.

Manage Cloudflare Gateway, WARP, and DNS firewall rules to enforce network‑layer security for client environments.

Develop and refine KQL‑based Advanced Hunting queries, analytics rules, and detection logic in Microsoft Sentinel.

Perform EDR platform onboarding, health monitoring, and coverage gap analysis across Windows, macOS, and mobile endpoints.

Act as Tier 2/3 escalation point for SOC analysts during active incidents, providing tool expertise and triage guidance.

Conduct root‑cause analysis and threat attribution for security events including phishing campaigns, endpoint compromises, and suspicious network activity.

Produce formal incident reports, executive summaries, and remediation recommendations for leadership and stakeholders.

Author and maintain SOPs, configuration guides, and runbooks for all managed security tools and incident.io workflows.

Identify gaps in detection coverage, tool configurations, or process workflows and drive remediation efforts.

Track and report on key security metrics: alert volume, MTTD, MTTR, false positive rates, and tool coverage.

Required Qualifications

3+ years of experience in a security operations, security engineering, or incident response role.

Hands‑on experience configuring and operating incident.io or a comparable incident management platform (e.g., Pager Duty, Opsgenie, Fire Hydrant).

Proficiency with Microsoft 365 security tools:
Defender for Endpoint, Defender for Office 365, Microsoft Sentinel, and Entra .

Experience writing KQL queries for log analysis, threat hunting, and detection rule development.

Familiarity with Cloudflare security products (Gateway, WARP, DNS Firewall) or equivalent DNS/network‑layer security platforms.

Strong understanding of the MITRE ATT&CK framework, common threat actor TTPs, and incident classification methodologies.

Excellent written communication skills with ability to produce clear, client‑ready technical reports and documentation.