Engineer, Cybersecurity Incident Response
Founded in 1997, Think Together partners with schools to change the odds for kids by providing award-winning programs during and outside the school day. We’re one of California’s largest nonprofits working in school districts from San Diego to San Francisco. Whether you’re interested in early learning, elementary, middle or high school, you can invest in your community by working at a local school or working within our home office providing support!
JOB SUMMARY:
Reporting to the VP of Functional Excellence, this role works with the Technology teams and other key stakeholders to ensure the proper approach and response to cybersecurity threats and attacks. They advise and act to protect the company’s hardware, software, networks, and data from threats. The Incident Response Engineer will fully understand the IT infrastructure and will monitor, identify, and address vulnerabilities that create potential risks to our information security and that of our customers. This position will plan, implement, upgrade, and monitor security measures for the protection of systems and information.
ESSENTIAL JOB DUTIES AND RESPONSIBILITIES:
• Leads the Incident Response effort and manages the Incident Response Lifecycle, including reporting on cyber-attacks, incidents, and breaches, as well as investigating and resolving issues to mitigate vulnerabilities and threats, addressing cyber-risk.
• Responds to critical security incidents and leads escalations to close with response, containment, and remediation.
• Responsible for analyzing, designing, managing, and delivering the services required to minimize the negative impact of security incidents and restoring normal service operation as quickly as possible.
• Provides functional and technical support to maintain a proactive security posture and ensure protection of electronically and physically stored information assets across organizational systems.
• Ensures continuous monitoring is in place for all classified assets.
• Mitigates vulnerabilities to maintain a high-security standard.
• Performs forensic analysis, including static and dynamic analyses of suspect malware.
• Knowledge of Microsoft Windows, including registry, logs, and common forensic artifacts.
• Knowledge of TCP/IP and networking fundamentals, network architecture, and security infrastructure best practices.
• Manages and integrates threat intelligence received from a variety of sources into actionable tasks to address threats and vulnerabilities.
• Monitors and scans the networks for vulnerabilities and threat actor activity.
• Stays current with the latest information security controls, practices, techniques, and capabilities.
• Maintains and tests the Disaster Recovery technologies and processes.
• Develops, maintains, and recommends improvements to the BCDR (Business Continuity and Disaster Recovery) plan.
• Performs detailed analyses of various security event sources and acts as the interface with other IT and business departments regarding IT security incidents.
• Works with all departments to increase cybersecurity awareness and strengthen the human firewall.
• Maintains familiarity with business processes, infrastructure, and applications to ensure proper cyber-risk management.
• Leads tabletop and simulation tests with the technology department and stakeholders, as appropriate.
QUALIFICATIONS AND REQUIREMENTS:
• Bachelor’s degree (B.A.) in Information Security or related field.
• Proven experience which includes 2+ years of hands-on incident response experience, virtual threat tracking experience and exploit/hack tool research or development experience or 5+ years of combined experience and education.
• EC-Council Certified Incident Handler (ECIH), GIAC Certified Forensic Analyst (GCFA), and CompTIA Cybersecurity Analyst (CySA+) certifications are a plus.
• Experience administering End Point Protection, O365 Defender, Azure Information Protection, and DLP solutions.
• A deep understanding of and experience with the Cybersecurity Incident Response lifecycle.
• Experience designing, implementing, and enhancing engineering security risk management processes with alignment to policies, standards, procedures, and frameworks.
• Experience responding to requests from internal and external auditors, and/or leading audit activities.
• Experience working with networking equipment including, but not limited to, routers, switches, and firewalls.
• Experience conducting Security Gap Assessments for protection planning and threat modelling.
• Excellent communication, troubleshooting, problem-solving, comprehension, research, and writing skills.
• Ability to work with internal and external customers while promoting a positive image of the organization.
OTHER QUALIFICATIONS & DESIRED COMPETENCIES:
• Demonstrates competency in providing cybersecurity operational services to the organization.
• Consistently demonstrates teamwork, collaboration and puts the success of the team above one’s own interests.
• Receives minimal instruction on day-to-day work and general instructions on new assignments.
• Demonstrates competency in selecting methods and techniques for obtaining solutions.
• Able to succeed in a fast-paced, deadline-driven environment, where small teams share a broad variety of duties.
• Displays strong initiative and drive to accomplish goals and meet company objectives.
• Takes ownership and responsibility for current and past work products.
• Is committed to learning from mistakes and driven to improve and enhance performance of oneself and others.
• Familiarity with privacy laws, data security regulations, and frameworks, such as SOC2, NIST, COBIT, ISO 27001.
• Proficiency with Security Protocols; Firewalls, Routers, Anti-Virus, Endpoint Protection.
• Proficiency with Office 365 business line of applications.
• Proficiency with Intune, Azure, O365 Administration is a plus.
• Able to identify and document specific security issues, propose resolution options, and interpret matters from all involved departments.
BACKGROUND CHECK REQUIREMENTS:
• Must pass Live Scan (Criminal Background Check via fingerprinting).
• Provide and maintain a clear TB test throughout employment.
COMPENSATION:
• Salary Range $125,000-$135,000
This is the targeted compensation for the position. A range of factors, including but not limited to location, skills, and experience, will be considered. Actual compensation may vary.
Think Together is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, national origin, ancestry, sex, gender, gender identity, gender expression, pregnancy, childbirth or related medical conditions, religious creed, physical disability, mental disability, age for individuals age 40 and over, medical condition (as defined by state law, for example, cancer or genetic characteristics or HIV/AIDS), marital status, military and veteran status, sexual orientation, genetic information, citizenship status or any other characteristic protected by federal, state or local law. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment during employment.