Senior Incident Responder

Job Description

SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage systems that promote clarity and an inclusive culture of trust, build momentum around improving security posture, and increase the value of cybersecurity investment. Around the clock, 365 days per year, our customers are never alone. Were SecurityHQ. Were focused on engineering cybersecurity, by design

Responsibilities

• Lead response to complex, high-impact security incidents in AWS, including unauthorized access, data breaches, malware infections, DDoS attacks, phishing, APTs, zero-day exploits, and cloud misconfigurations.
• Perform in-depth analysis of security incidents, including advanced log analysis, digital forensic investigation, and root cause analysis.
• Develop and implement containment, eradication, and recovery plans for complex security incidents, minimizing disruption and improving security posture.
• Coordinate with internal and external stakeholders during incident response activities.
• Document incident details, analysis findings, and remediation actions, including detailed forensic reports and security posture assessments.
• Identify and recommend security improvements to prevent future incidents and enhance cloud security posture, including:
• AWS security best practices
• Security tool implementation and configuration (with a focus on CSPM tools)
• Vulnerability management
• Security awareness training
• Threat hunting strategies
• Security architecture enhancements
• CSPM implementation and optimization
• Develop and maintain AWS-specific incident response plans, playbooks, and procedures, emphasizing automation, orchestration, and continuous security posture improvement.
• Stay current on cloud security, digital forensics, and cloud security posture management.
• Mentor junior security analysts in incident response and security posture management.
• Participate in on-call rotation, providing expert-level support and guidance on security posture.
• Develop and deliver training on incident response, forensic best practices, and cloud security posture management.
• Conduct proactive threat hunting and security posture assessments.
• Contribute to the development of security tools and automation to improve incident response efficiency, effectiveness, and security posture.

Essential Skills

• Expert-level understanding of AWS services, including:
• EC2, S3, RDS, VPC, Lambda
• CloudTrail, CloudWatch, Config, Security Hub, GuardDuty
• IAM, KMS
• AWS Organizations, AWS Control Tower
• Extensive experience with SIEM systems (e.g., Datadog, Qradar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring.
• Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools.
• Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management.

Deep familiarity with security tools and technologies, including:

• IDS/IPS
• EDR
• Vulnerability scanners
• Firewalls
• Network forensics tools
• CSPM tools
• Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture.
• Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies.
• Ability to work independently, lead a team, and collaborate effectively to improve the organization's security posture.

Expert-level understanding of AWS services, including:

• EC2, S3, RDS, VPC, Lambda
• CloudTrail, CloudWatch, Config, Security Hub, GuardDuty
• IAM, KMS
• AWS Organizations, AWS Control Tower
• Extensive experience with SIEM systems (e.g., Datadog, Qradar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring.
• Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools.
• Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management.

Deep familiarity with security tools and technologies, including:

• IDS/IPS
• EDR
• Vulnerability scanners
• Firewalls
• Network forensics tools

• CSPM tools

• Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture.

• Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies.
• Ability to work independently, lead a team, and collaborate effectively to improve the organization's security posture.

Education Requirements &

Experience

• Master's degree in Computer Science, Cybersecurity, or a related field.
• AWS Security certifications (e.g., AWS Certified Security - Specialty).
• Relevant security certifications (e.g., CISSP, GCIH, GCIA, GREM, GNFA, OSCP).
• Experience leading incident response teams and security posture improvement initiatives.
• Experience with cloud automation and orchestration (e.g., AWS Systems Manager, Lambda) for incident response and security posture management.
• Knowledge of DevSecOps principles and practices, including security integration into CI/CD pipelines and infrastructure as code (IaC) security.
• Experience with container security (e.g., Docker, Kubernetes) in AWS, including forensic analysis and security posture assessment.
• Experience with reverse engineering and malware analysis, focused on identifying threats that impact cloud security posture.
• Strong understanding of legal and regulatory issues related to digital forensics, incident response, and cloud security posture (e.g., data privacy, chain of custody, compliance requirements).