Jobs via Dice
Cyber Defense Incident Responder, Senior (L3)
Jobs via Dice, Greensboro, North Carolina, us, 27497
Stefanini Group is hiring a Senior Cyber Defense Incident Responder (Level 3) to work onsite in Greensboro, NC (8702 National Service Rd, Greensboro, NC 27409).
Shift: Saturday through Tuesday; Saturday and Sunday: 10 AM – 10 PM (US EST) – approved to work remotely; Monday and Tuesday: 8 AM – 4 PM – onsite at the office.
As a Senior Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC), you will be a key technical expert responsible for managing and responding to advanced cyber threats, conducting investigations, and supporting the overall security posture of the company. This role combines hands‑on technical expertise with mentoring responsibilities, ensuring effective threat detection, incident response, and continuous improvement of SOC capabilities.
Responsibilities
Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS).
Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation.
Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats.
Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements.
Provide incident reports with detailed root‑cause analyses and actionable recommendations.
Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization.
Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge‑sharing.
Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls.
Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness.
Identify gaps in detection and response capabilities and recommend improvements to SOC leadership.
Qualifications
Bachelor’s degree in Computer Science or a related 4‑year technical degree.
Minimum 7 years of experience in supporting cyber defense operations in complex enterprise networks.
Experience in SOC, SIRT, or CSIRT capacities.
One or more of the following certifications: GIAC Certified Intrusion Analyst, GCIH Certified Incident Handler, GCIA Certified Intrusion Analyst, CISSP.
Experience in enterprise cybersecurity environments investigating targeted intrusions through complex network segments.
Expert understanding of Advanced Persistent Threat (APT), cybercrime, hacktivist tactics, techniques, and procedures (TTPs).
Subject‑matter expert in cybersecurity principles and threat lifecycle management.
Comprehensive knowledge of operating systems (Windows, OS X, Linux) and network protocols.
Demonstrable scripting skills (e.g., PowerShell, Python, Perl).
Knowledge of Cyber Kill Chain, NIST framework, MITRE ATT&CK, and SANS Critical Security Controls.
Experience tuning signatures, rules, and threat detection platforms (SIEM, IDS/IPS, EDR, sandbox tools).
Strong analytical and technical skills in network defense operations and incident handling.
Ability to develop rules, filters, signatures, and countermeasures for cyber defense platforms.
Knowledge of emerging cybersecurity technologies and continual improvement practices.
Preferred Qualifications
Deep CSOC experience in intelligence‑driven detection, threat lifecycle management, incident management, digital forensics, network monitoring, endpoint monitoring, OT security, and CSOC process management.
Preferred certifications: CISSP, GCIH, GCIA, Linux+, CCNA, CCNP.
Proven analytical, technical, and practical application of cyber and information security principles to business stakeholders.
Knowledge of cyber vulnerability management processes, cyber defense policies, procedures, and regulations.
Knowledge of user and system authentication and authorization mechanisms.
Listed salary ranges may vary based on experience, qualifications, and local market.