Career Techniques Inc
Description
About the Role
This role is responsible for the end-to-end execution of the Incident Response lifecycle, leveraging AI-assisted tools, automation, and threat intelligence to accelerate detection, triage, investigation, and containment.
You will operate as both a hands-on technical responder and incident leader, driving rapid mitigation actions while improving detection fidelity, response speed, and operational efficiency.
Responsibilities Include, but Are Not Limited to:
- Act as Incident Commander for high-impact security incidents, coordinating cross-functional response efforts and driving containment, eradication, and recovery actions
- Execute the full Incident Response lifecycle (detect, triage, investigate, contain, remediate, recover) with a focus on reducing time-to-detect and time-to-contain
- Leverage frameworks such as MITRE ATT&CK and the Cyber Kill Chain to guide investigations and response strategies
- Lead real-time decision-making during active incidents, ensuring business risk is clearly understood and mitigated
- Utilize AI-assisted platforms to pre-triage alerts, enrich incidents, and prioritize high-risk activity in the response queue
- Drive the adoption of AI-based correlation and context aggregation across SIEM/XDR, case management, and threat intelligence sources
- Conduct deep-dive investigations across endpoint, identity, email, network, and cloud environments
- Perform host forensics, log analysis, and malware triage to determine scope, impact, and persistence mechanisms
- Drive operational efficiency by reducing manual touchpoints and enabling automated containment and remediation actions
- Provide technical leadership and mentorship to junior and mid-level analysts, elevating team capability and consistency
- Collaborate with IT, Engineering, Legal, HR, and business stakeholders during investigations and incident response activities
- Serve as a key contributor across multiple concurrent initiatives, including tool enablement, process improvement, and security strategy
- Deliver clear, concise, and executive-ready incident reports, including impact assessments and recommended actions
- Conduct post-incident reviews and root cause analysis, driving improvements to detection, response, and prevention controls
Requirements and Qualifications
- 6+ years of hands-on experience in Cybersecurity Operations / Incident Response
- Strong experience within Microsoft Security Ecosystem
- Proven experience investigating incidents across cloud (Azure/AWS), identity, endpoint, and email platforms
- Demonstrated experience integrating or leveraging AI/automation in security operations (e.g., security copilots, ML-based detections, automated triage)
- Strong proficiency in KQL (Kusto Query Language) for threat hunting and investigation
- Strong analytical and critical thinking skills with the ability to operate under pressure
- Excellent written and verbal communication skills, including executive-level reporting
- Ability to lead incidents, influence stakeholders, and drive rapid decision-making
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
- Certified in one or more of the following: CISSP, CISM, CISA,SANS GIAC Security Certifications.
