The Security Incident Response Engineer provides detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems in accordance with the firm's business objectives, regulatory requirements, and strategic goals.

  • Provide innovation within the context of the Incident Response (IR) program in relation to both process and technology.
  • Design, implement, and support threat detection and prevention solutions identified as necessary for the protection of Firm assets.
  • Serve as a Subject Matter Expert (SME) for the IR function.
  • Serve as the system owner for common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems.
  • Engage in forensic examinations and chain-of-custody procedures utilizing common tools such as Encase.
  • Provide input into policies, standards and procedures. Author standards and procedures designed to safeguard sensitive information.
  • Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained.
  • Provide input into security risk assessments by leveraging specialized knowledge.
  • Report compliance failures to management for immediate remediation.
  • Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing.
  • Provide status reports and relevant metrics to the Information Security Manager.
  • Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors.
  • Mentor junior members of the IR group.
  • Provide exemplary customer service by striving for first call resolution and demonstrating empathy, respect, professionalism, and expertise.


Required Skills

  • Commanding knowledge of IR concepts and best practices, including forensics and chain-of-custody.
  • Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT/BDS), EDR, and packet capture.
  • Broad understanding of TCP/IP, DNS, and other foundational topics.
  • Authoritative understanding of malware detection, analysis, and evasion techniques.
  • Extensive knowledge of the threat landscape and the ability to adapt practices to evolving circumstances.
  • Ability to gather and analyze facts, draw conclusions, define problems, and suggest solutions.
  • Maintain critical thinking and composure under pressure.
  • Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English.
  • Capable of providing assistance with the preparation of internal training materials and documentation.
  • Ability to be productive and maintain focus without direct supervision.
  • Understands IR in the context of risk management and organizational priorities.
  • Passionate in the practice and pursuit of IR excellence.
  • Demonstrates some proficiency in scripting or other automation tools.
  • Provide exemplary customer service by striving for first call resolution and demonstrating empathy, respect, professionalism, and expertise.

Experience Required

  • Five years of professional experience in information security with a focus on incident response and forensics.

Special Requirements, Licenses, and Certifications

  • Encase EnCE or equivalent experience
  • Bit9/Carbon Black or equivalent experience