Cyber Incident Response Engineer II
About the position
Summary: The Cyber Incident Response (IR) Engineer role is critical in detecting, investigating, and responding to cybersecurity threats across the enterprise. This role supports and leads security operations through proactive threat hunting, tool development, forensics, and containment. The engineer collaborates across a broad range of security technologies, cloud environments, and detection platforms. Essential Accountabilities: Level I Designs, implements, and conducts the operation of IR operations tools including logging, SIEM, EDR, UEBA, SOAR etc. Evaluates and proposes new security solutions for IR operations. Investigates and presents recommendations to the security manager and various levels of management regarding protection of computing resources and information assets. Builds & updates playbooks/SOAR automations, etc. Assists with monitoring escalations from analysts and provides technical input during investigations. Performs proactive threat hunting to identify potential threats or anomalous behavior. Leverages MITRE ATT&CK framework to provide security monitoring recommendations and improvements. Participates in rotation of 24/7/365 on call coverage. Leads tactical project initiatives including design of solutions in conjunction with management and other cyber defense team members. Assists in the operational support for security technologies in defense against modern cybersecurity threats. Responds to requests within defined SLAs relating to various information security systems, programs, and processes. Enforces information security policies, standards, and procedures and investigates possible security exceptions. Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities. Consults on the integration of cyber defense tools and appropriate controls into new and existing systems and applications. Assists in internal and external audits, self-assessments, and risk reviews for security processes. Hardens the operational security ecosystem and evolve mitigation techniques through ongoing threat intelligence assessment. Participates in incident response activities, including containment, triage, and root cause analysis. Research, design and integrate new operational security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy. Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs. Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures. Regular and reliable attendance is expected and required. Performs other functions as assigned by management. Level II (in addition to Level I Accountabilities) Acts as a technical lead and provides mentoring, training, and technical support to engineers and analysts. Hardens security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessments. Serves as the technical escalation point for complex incidents and operational challenges. Designs and leads threat hunting engagements and proactively identifies advanced threats. Leads the blue team side of purple team exercises to validate and improve detection and response capabilities. Leads cyber defense incident response activities end to end. Performs as the subject matter expert for more than three information security technology, processes, and practices internally to the Health Plan. Provides advanced technical expertise and process improvement support. Designs and implements automated solutions for common security administration tasks. Minimum Qualifications: NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities. All Levels Five (5) years of related work experience. Bachelor's degree in computer science, information technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience are required. Hands on experience with the following operating systems preferred: Windows, and UNIX (Linux, AIX, Solaris, etc.). Strong knowledge of several concepts and/or tools listed: Cloud infrastructure services, including IaaS, PaaS, and SaaS models. Intermediate knowledge of network and application security, including firewalls and web application firewalls (e.g., Palo Alto Networks, Imperva). Experience and knowledge of identity and access management systems, including Active Directory, Entra ID, LDAP, and various authentication protocols Knowledge of endpoint protection and antivirus solutions. Demonstrated experience identifying malicious actors, TTPs, and using the MITRE ATT&CK framework. Experience using IDS/IPS and/or related tools. Knowledge with cloud-native security solutions for multi-cloud environments, such as SIEM, CSPM, threat detection, compliance enforcement, and governance frameworks. Security incident response experience. Demonstrated experience with common query techniques including Kusto query language and Python. Advanced communication skills with the ability to present clear and concise information to all levels and technical abilities. Excellent organization and multi-tasking skills. Level II (in addition to Level I Qualifications) Eight (8) years of related work experience with and strong knowledge of all concepts and/or tools listed above (under Level I). Experience in evaluating security software packages and systems. Experience with security automation, including associated playbooks, reporting and notification. Knowledge of network regulations, industry standards and operational constraints of networks systems. CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred. Experience providing work direction for one or more individual’s specific projects and initiatives. Physical Requirements: Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer. Ability to travel across the Health Plan service region for meetings and/or trainings as needed. Ability to work in a home office for continuous periods of time for business continuity. In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position. Equal Opportunity Employer
Responsibilities
• Designs, implements, and conducts the operation of IR operations tools including logging, SIEM, EDR, UEBA, SOAR etc.
• Evaluates and proposes new security solutions for IR operations.
• Investigates and presents recommendations to the security manager and various levels of management regarding protection of computing resources and information assets.
• Builds & updates playbooks/SOAR automations, etc.
• Assists with monitoring escalations from analysts and provides technical input during investigations.
• Performs proactive threat hunting to identify potential threats or anomalous behavior.
• Leverages MITRE ATT&CK framework to provide security monitoring recommendations and improvements.
• Participates in rotation of 24/7/365 on call coverage.
• Leads tactical project initiatives including design of solutions in conjunction with management and other cyber defense team members.
• Assists in the operational support for security technologies in defense against modern cybersecurity threats.
• Responds to requests within defined SLAs relating to various information security systems, programs, and processes.
• Enforces information security policies, standards, and procedures and investigates possible security exceptions.
• Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.
• Consults on the integration of cyber defense tools and appropriate controls into new and existing systems and applications.
• Assists in internal and external audits, self-assessments, and risk reviews for security processes.
• Hardens the operational security ecosystem and evolve mitigation techniques through ongoing threat intelligence assessment.
• Participates in incident response activities, including containment, triage, and root cause analysis.
• Research, design and integrate new operational security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy.
• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
• Regular and reliable attendance is expected and required.
• Performs other functions as assigned by management.
• Acts as a technical lead and provides mentoring, training, and technical support to engineers and analysts.
• Hardens security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessments.
• Serves as the technical escalation point for complex incidents and operational challenges.
• Designs and leads threat hunting engagements and proactively identifies advanced threats.
• Leads the blue team side of purple team exercises to validate and improve detection and response capabilities.
• Leads cyber defense incident response activities end to end.
• Performs as the subject matter expert for more than three information security technology, processes, and practices internally to the Health Plan.
• Provides advanced technical expertise and process improvement support.
• Designs and implements automated solutions for common security administration tasks.
Requirements
• Five (5) years of related work experience.
• Bachelor's degree in computer science, information technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience are required.
• Hands on experience with the following operating systems preferred: Windows, and UNIX (Linux, AIX, Solaris, etc.).
• Strong knowledge of several concepts and/or tools listed: Cloud infrastructure services, including IaaS, PaaS, and SaaS models.
• Intermediate knowledge of network and application security, including firewalls and web application firewalls (e.g., Palo Alto Networks, Imperva).
• Experience and knowledge of identity and access management systems, including Active Directory, Entra ID, LDAP, and various authentication protocols
• Knowledge of endpoint protection and antivirus solutions.
• Demonstrated experience identifying malicious actors, TTPs, and using the MITRE ATT&CK framework.
• Experience using IDS/IPS and/or related tools.
• Knowledge with cloud-native security solutions for multi-cloud environments, such as SIEM, CSPM, threat detection, compliance enforcement, and governance frameworks.
• Security incident response experience.
• Demonstrated experience with common query techniques including Kusto query language and Python.
• Advanced communication skills with the ability to present clear and concise information to all levels and technical abilities.
• Excellent organization and multi-tasking skills.
• Eight (8) years of related work experience with and strong knowledge of all concepts and/or tools listed above (under Level I).
Nice-to-haves
• Experience in evaluating security software packages and systems.
• Experience with security automation, including associated playbooks, reporting and notification.
• Knowledge of network regulations, industry standards and operational constraints of networks systems.
• CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred.
• Experience providing work direction for one or more individual’s specific projects and initiatives.
Apply Now
Apply Now
Summary: The Cyber Incident Response (IR) Engineer role is critical in detecting, investigating, and responding to cybersecurity threats across the enterprise. This role supports and leads security operations through proactive threat hunting, tool development, forensics, and containment. The engineer collaborates across a broad range of security technologies, cloud environments, and detection platforms. Essential Accountabilities: Level I Designs, implements, and conducts the operation of IR operations tools including logging, SIEM, EDR, UEBA, SOAR etc. Evaluates and proposes new security solutions for IR operations. Investigates and presents recommendations to the security manager and various levels of management regarding protection of computing resources and information assets. Builds & updates playbooks/SOAR automations, etc. Assists with monitoring escalations from analysts and provides technical input during investigations. Performs proactive threat hunting to identify potential threats or anomalous behavior. Leverages MITRE ATT&CK framework to provide security monitoring recommendations and improvements. Participates in rotation of 24/7/365 on call coverage. Leads tactical project initiatives including design of solutions in conjunction with management and other cyber defense team members. Assists in the operational support for security technologies in defense against modern cybersecurity threats. Responds to requests within defined SLAs relating to various information security systems, programs, and processes. Enforces information security policies, standards, and procedures and investigates possible security exceptions. Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities. Consults on the integration of cyber defense tools and appropriate controls into new and existing systems and applications. Assists in internal and external audits, self-assessments, and risk reviews for security processes. Hardens the operational security ecosystem and evolve mitigation techniques through ongoing threat intelligence assessment. Participates in incident response activities, including containment, triage, and root cause analysis. Research, design and integrate new operational security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy. Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs. Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures. Regular and reliable attendance is expected and required. Performs other functions as assigned by management. Level II (in addition to Level I Accountabilities) Acts as a technical lead and provides mentoring, training, and technical support to engineers and analysts. Hardens security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessments. Serves as the technical escalation point for complex incidents and operational challenges. Designs and leads threat hunting engagements and proactively identifies advanced threats. Leads the blue team side of purple team exercises to validate and improve detection and response capabilities. Leads cyber defense incident response activities end to end. Performs as the subject matter expert for more than three information security technology, processes, and practices internally to the Health Plan. Provides advanced technical expertise and process improvement support. Designs and implements automated solutions for common security administration tasks. Minimum Qualifications: NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities. All Levels Five (5) years of related work experience. Bachelor's degree in computer science, information technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience are required. Hands on experience with the following operating systems preferred: Windows, and UNIX (Linux, AIX, Solaris, etc.). Strong knowledge of several concepts and/or tools listed: Cloud infrastructure services, including IaaS, PaaS, and SaaS models. Intermediate knowledge of network and application security, including firewalls and web application firewalls (e.g., Palo Alto Networks, Imperva). Experience and knowledge of identity and access management systems, including Active Directory, Entra ID, LDAP, and various authentication protocols Knowledge of endpoint protection and antivirus solutions. Demonstrated experience identifying malicious actors, TTPs, and using the MITRE ATT&CK framework. Experience using IDS/IPS and/or related tools. Knowledge with cloud-native security solutions for multi-cloud environments, such as SIEM, CSPM, threat detection, compliance enforcement, and governance frameworks. Security incident response experience. Demonstrated experience with common query techniques including Kusto query language and Python. Advanced communication skills with the ability to present clear and concise information to all levels and technical abilities. Excellent organization and multi-tasking skills. Level II (in addition to Level I Qualifications) Eight (8) years of related work experience with and strong knowledge of all concepts and/or tools listed above (under Level I). Experience in evaluating security software packages and systems. Experience with security automation, including associated playbooks, reporting and notification. Knowledge of network regulations, industry standards and operational constraints of networks systems. CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred. Experience providing work direction for one or more individual’s specific projects and initiatives. Physical Requirements: Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer. Ability to travel across the Health Plan service region for meetings and/or trainings as needed. Ability to work in a home office for continuous periods of time for business continuity. In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position. Equal Opportunity Employer
Responsibilities
• Designs, implements, and conducts the operation of IR operations tools including logging, SIEM, EDR, UEBA, SOAR etc.
• Evaluates and proposes new security solutions for IR operations.
• Investigates and presents recommendations to the security manager and various levels of management regarding protection of computing resources and information assets.
• Builds & updates playbooks/SOAR automations, etc.
• Assists with monitoring escalations from analysts and provides technical input during investigations.
• Performs proactive threat hunting to identify potential threats or anomalous behavior.
• Leverages MITRE ATT&CK framework to provide security monitoring recommendations and improvements.
• Participates in rotation of 24/7/365 on call coverage.
• Leads tactical project initiatives including design of solutions in conjunction with management and other cyber defense team members.
• Assists in the operational support for security technologies in defense against modern cybersecurity threats.
• Responds to requests within defined SLAs relating to various information security systems, programs, and processes.
• Enforces information security policies, standards, and procedures and investigates possible security exceptions.
• Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.
• Consults on the integration of cyber defense tools and appropriate controls into new and existing systems and applications.
• Assists in internal and external audits, self-assessments, and risk reviews for security processes.
• Hardens the operational security ecosystem and evolve mitigation techniques through ongoing threat intelligence assessment.
• Participates in incident response activities, including containment, triage, and root cause analysis.
• Research, design and integrate new operational security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy.
• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
• Regular and reliable attendance is expected and required.
• Performs other functions as assigned by management.
• Acts as a technical lead and provides mentoring, training, and technical support to engineers and analysts.
• Hardens security ecosystem and evolves mitigation techniques through ongoing threat intelligence assessments.
• Serves as the technical escalation point for complex incidents and operational challenges.
• Designs and leads threat hunting engagements and proactively identifies advanced threats.
• Leads the blue team side of purple team exercises to validate and improve detection and response capabilities.
• Leads cyber defense incident response activities end to end.
• Performs as the subject matter expert for more than three information security technology, processes, and practices internally to the Health Plan.
• Provides advanced technical expertise and process improvement support.
• Designs and implements automated solutions for common security administration tasks.
Requirements
• Five (5) years of related work experience.
• Bachelor's degree in computer science, information technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience are required.
• Hands on experience with the following operating systems preferred: Windows, and UNIX (Linux, AIX, Solaris, etc.).
• Strong knowledge of several concepts and/or tools listed: Cloud infrastructure services, including IaaS, PaaS, and SaaS models.
• Intermediate knowledge of network and application security, including firewalls and web application firewalls (e.g., Palo Alto Networks, Imperva).
• Experience and knowledge of identity and access management systems, including Active Directory, Entra ID, LDAP, and various authentication protocols
• Knowledge of endpoint protection and antivirus solutions.
• Demonstrated experience identifying malicious actors, TTPs, and using the MITRE ATT&CK framework.
• Experience using IDS/IPS and/or related tools.
• Knowledge with cloud-native security solutions for multi-cloud environments, such as SIEM, CSPM, threat detection, compliance enforcement, and governance frameworks.
• Security incident response experience.
• Demonstrated experience with common query techniques including Kusto query language and Python.
• Advanced communication skills with the ability to present clear and concise information to all levels and technical abilities.
• Excellent organization and multi-tasking skills.
• Eight (8) years of related work experience with and strong knowledge of all concepts and/or tools listed above (under Level I).
Nice-to-haves
• Experience in evaluating security software packages and systems.
• Experience with security automation, including associated playbooks, reporting and notification.
• Knowledge of network regulations, industry standards and operational constraints of networks systems.
• CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred.
• Experience providing work direction for one or more individual’s specific projects and initiatives.
Apply Now
Apply Now