Incident Response Engineer

June 29, 2020
Hayward, CA
  • Assist with maturing incident response program.
  • Respond to security incidents covering all phases, including identification, containment, and eradication.
  • Maintain incident response infrastructure to address overall enterprise scope including cloud, on-prem, and open source software.
  • Integrate incident response tools and data into other programs e.g. vulnerability management, security architecture, IT technology deployments, etc.
  • Act as engagement point for the IT team and the business across the entire company.
  • Monitor our SIEM for notable events, running them down to completion.
  • Tune our SIEM to look for new threats, make existing threats easier to find, and reduce false positives.
  • Perform forensics on affected systems as needed.
  • Participate in periodic purple team exercises with our red team.
  • Actively gather cyber intelligence to ensure response capabilities are adequate to the threats.
  • Partner with teams across the organization to define remediation plans, drive and track remediation to completion, and find new approaches to improve the program.
  • Identify, assess, and document the severity and potential impact of vulnerabilities, and give technical guidance to teams/owners in a way that consistently drives objective, fact-based decisions.
  • Find opportunities for enhancement including automation and self-service.
  • Analyze data and develop metrics to measure and communicate the effectiveness of the incident response process.
  • Experience using commercial SIEMs such as Azure Sentinel, Splunk Enterprise Security, AlienVault, or LogRhythm.
  • 2 - 5 years of experience in a front-line incident response role, handling technical security issues such as malware, phishing, and intrusions.
  • 1 year of experience using Azure or Amazon Web Services.
  • 1 year of experience writing automation utilities in a scripting language, preferably python or Windows PowerShell.
  • 2 - 5 years of experience in systems administration of Windows and Linux/Unix systems.
  • 2 - 5 years of security experience in relevant security domains (e.g. threat and vulnerability management, risk management, security architecture, security hardening).
  • Experience with operating vulnerability assessment and incident response tools including network scanners, host-based detection agents, and web application scanners.