Incident Response Engineer - Cyber Defense

CTECH NY INC
Dallas, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior

Job location

Dallas, United States of America

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Azure
Computer Security
Email Production
Log Analysis
Microsoft Security Essentials
Kusto Query Language
Security Information and Event Management
Cloud Platform System
Mitre Att&ck
Information Technology
Cybercrime

Job description

This role is responsible for the end-to-end execution of the Incident Response lifecycle, leveraging AI-assisted tools, automation, and threat intelligence to accelerate detection, triage, investigation, and containment.

You will operate as both a hands-on technical responder and incident leader, driving rapid mitigation actions while improving detection fidelity, response speed, and operational efficiency., * Act as Incident Commander for high-impact security incidents, coordinating cross-functional response efforts and driving containment, eradication, and recovery actions

  • Execute the full Incident Response lifecycle (detect, triage, investigate, contain, remediate, recover) with a focus on reducing time-to-detect and time-to-contain
  • Leverage frameworks such as MITRE ATT&CK and the Cyber Kill Chain to guide investigations and response strategies
  • Lead real-time decision-making during active incidents, ensuring business risk is clearly understood and mitigated
  • Utilize AI-assisted platforms to pre-triage alerts, enrich incidents, and prioritize high-risk activity in the response queue
  • Drive the adoption of AI-based correlation and context aggregation across SIEM/XDR, case management, and threat intelligence sources
  • Conduct deep-dive investigations across endpoint, identity, email, network, and cloud environments
  • Perform host forensics, log analysis, and malware triage to determine scope, impact, and persistence mechanisms
  • Drive operational efficiency by reducing manual touchpoints and enabling automated containment and remediation actions
  • Provide technical leadership and mentorship to junior and mid-level analysts, elevating team capability and consistency
  • Collaborate with IT, Engineering, Legal, HR, and business stakeholders during investigations and incident response activities
  • Serve as a key contributor across multiple concurrent initiatives, including tool enablement, process improvement, and security strategy
  • Deliver clear, concise, and executive-ready incident reports, including impact assessments and recommended actions
  • Conduct post-incident reviews and root cause analysis, driving improvements to detection, response, and prevention controls

Requirements

  • 6+ years of hands-on experience in Cybersecurity Operations / Incident Response
  • Strong experience within Microsoft Security Ecosystem
  • Proven experience investigating incidents across cloud (Azure/AWS), identity, endpoint, and email platforms
  • Demonstrated experience integrating or leveraging AI/automation in security operations (e.g., security copilots, ML-based detections, automated triage)
  • Strong proficiency in KQL (Kusto Query Language) for threat hunting and investigation
  • Strong analytical and critical thinking skills with the ability to operate under pressure
  • Excellent written and verbal communication skills, including executive-level reporting
  • Ability to lead incidents, influence stakeholders, and drive rapid decision-making
  • Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
  • Certified in one or more of the following: CISSP, CISM, CISA,SANS GIAC Security Certifications.

Apply for this position