Incident Handler, Detection & Response Services
Rapid7
AWSAzureCloudCyber SecurityGoogle Cloud PlatformLinuxMacOSPython
Principal Engineer – Cyber Incident Response
Recruiting.com
full-time
Posted on:
Location Type: Remote
Location: Remote • Pennsylvania, Texas • 🇺🇸 United States
Visit company websiteJob Level
Lead
Tech Stack
CloudCyber SecurityPythonSplunk
About the role
- Lead technical response and investigation of complex and high-severity security incidents, including advanced persistent threats, ransomware, and insider activity
- Provide hands-on expertise in forensic analysis, malware reverse engineering, and threat hunting across endpoints, networks, and cloud environments
- Develop and refine incident response playbooks, detection rules, and automation to improve SOC efficiency and response times
- Partner with engineering teams to design and implement resilient detection and response capabilities across SIEM, EDR, SOAR, and cloud platforms
- Mentor and provide technical guidance to SOC analysts, incident responders, and engineering teams
- Collaborate with threat intelligence teams to translate threat actor tactics, techniques, and procedures (TTPs) into actionable detection and response strategies
- Serve as a technical escalation point during major incidents and contribute to root cause analysis and lessons learned reporting
- Contribute to red/blue/purple team exercises to validate detection and response effectiveness
- Provide input on security architecture, tooling enhancements, and emerging technologies to strengthen enterprise cyber defense
Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent work experience
- Advanced knowledge of incident response methodologies, digital forensics, malware analysis, and adversary simulation
- Familiarity with industry frameworks such as NIST, MITRE ATT&CK, and ISO 27035
- 10+ years of progressive experience in cybersecurity, with at least 7 years focused on incident response, threat hunting, or forensic investigations
- Demonstrated expertise in analyzing and responding to advanced cyber threats in large enterprise environments
- Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, EnCase, Magnet, Wireshark)
- Experience with malware reverse engineering, memory forensics, and scripting/automation (Python, PowerShell)
- Strong communication skills, with the ability to clearly present complex technical findings to both technical and executive stakeholders
Benefits
- Health insurance
- Dental and vision care
- Backup dependent care
- Adoption assistance
- Infertility coverage
- Family building support
- Behavioral health solutions
- Paid parental leave
- Paid caregiver leave
- Professional development resources
- Training programs
- Employee resource groups
- Volunteer activities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
incident responsedigital forensicsmalware analysisadversary simulationthreat huntingscriptingautomationmemory forensicsadvanced persistent threatsransomware
Soft skills
communicationmentoringtechnical guidancecollaborationproblem-solving
