TEKsystems
Job Title:
Cyber Defense Incident Responder, Snr (L3)
Overview
As a Snr Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC) you will play a crucial role as a key technical expert responsible for managing and responding to advanced cyber threats, conducting in-depth investigations, and supporting the overall security posture of the customer. This role combines hands‑on technical expertise with mentoring responsibilities, ensuring effective threat detection, incident response, and continuous improvement of SOC capabilities.
Responsibilities
Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS)
Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation
Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats
Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements
Provide incident reports with detailed root‑cause analyses and actionable recommendations
Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization
Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge‑sharing
Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls
Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness
Identify gaps in detection and response capabilities and recommend improvements to SOC leadership
Qualifications
Bachelor’s degree in Computer Science or a related 4‑year technical degree
Minimum 7 years of experience in supporting cyber defense operations in highly complex enterprise networks (SOC, SIRT, or CSIRT capacities)
One or more of the following certifications: GIAC Certified Intrusion Analyst, GCIH Certified Incident Handler, GCIA Certified Intrusion Analyst, CISSP
Experience in enterprise cybersecurity environment investigating targeted intrusions through complex network segments
Expert understanding of APT, cybercrime, and hacktivist tactics, techniques, and procedures (TTPs)
Subject‑matter expert in cybersecurity principles, threat lifecycle management, incident management
Comprehensive knowledge of Windows, OS X, Linux, network protocols, and application layer protocols
Demonstrable experience in scripting languages (PowerShell, Python, Perl, etc.)
Understanding of the Cyber Kill Chain methodology, the NIST framework, the MITRE ATT&CK framework, and SANS Critical Security Controls
Working knowledge of modern cryptographic algorithms and systems
Experience working with and tuning signatures, rules, and security technologies (IDS/IPS, SIEM, sandboxing tools, EDR, email security platforms, user behavior analytics)
Network design knowledge including security architecture
Strong analytical and technical skills in network defense operations including incident handling (detection, analysis, triage)
Conceptual understanding of cyber threat hunting
Prior experience in analyzing cybersecurity events to determine true positives and false positives (alert triage, incident investigation, countermeasures, incident response)
Previous experience with SIEM platforms and log aggregation systems that perform collection, analysis, correlation, and alerting
Ability to develop rules, filters, views, signatures, countermeasures, and other cyber defense platforms, and to support analysis and detection continual improvement
Knowledge of emerging cybersecurity technologies
Ability to create technical documents, stakeholder sitreps, and briefing documents
Preferred Qualifications
Deep CSOC experience in intelligence‑driven detection, security principles, threat lifecycle management, incident management, digital forensics, network monitoring, endpoint monitoring, OT security principles
CSOC Process Management experience (process and procedure management, CSOC initiative management, continual operational improvement)
Preferred certifications: CISSP, GCIH, GCIA, Linux+, CCNA, CCNP
Demonstrated analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical teams
Knowledge of cyber defense policies, procedures, and regulations
Knowledge of cyber vulnerability management processes
Knowledge of common user and system authentication and authorization mechanisms
Skills
Security, Information security, Security operations, Incident Response, Cyber Threat Analyst, Malware, Cyber security, SOC, SIEM, analysis, Splunk, ELK stack, Elasticsearch, threat hunting, PowerShell, Wireshark, firewall, malware analysis, IDS, Python, OSINT.
Pay and Benefits
The pay range for this position is $55.00 – $62.45 per hour.
Eligibility requirements apply to some benefits and may depend on job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
Medical, dental & vision
Critical Illness, Accident, and Hospital
401(k) Retirement Plan – Pre‑tax and Roth post‑tax contributions available
Life Insurance (Voluntary Life & AD&D for the employee and dependents)
Short and long‑term disability
Health Spending Account (HSA)
Transportation benefits
Employee Assistance Program
Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a hybrid position in Greensboro, NC.
Application Deadline
This position is anticipated to close on Nov 10, 2025.
About TEKsystems
TEKsystems is a leading provider of business and technology services, accelerating transformation for customers across North America, Europe, and Asia. As a team of 80,000 strong, we work with over 6,000 clients, including 80% of the Fortune 500, delivering full‑stack technology services, talent services, and real‑world applications. We are an industry leader in Full‑Stack Technology Services and Talent Services, and we work with progressive leaders to drive change and deliver business outcomes.
EEO Statement
The company is an equal‑opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.