Incident Response Coordinator

We have a 3 month contract with opportunity to extend or convert for a seasoned Incident Response professional with 4–6+ years of hands-on experience supporting enterprise cybersecurity incidents in hybrid environments, combining strong technical expertise across EDR tools, SIEM platforms (e.g., Splunk), and cloud infrastructure. They are a proactive communicator and coordinator who can lead incident response efforts end-to-end, partner cross-functionally, and continuously enhance DFIR processes through automation, documentation, and best practices. 100% Remote.

Must be located in CST or EST

• MUST HAVES:A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and Requires 4 – 6 years of related experience.
• 5+ years of Security Operations, Incident Response, and/or Digital Forensics Experience
• Prior Incident Response Experience in a hybrid enterprise environment
• Experienced with utilizing security tooling such as: Splunk, EDR, Tanium, etc
• Strong understanding of cloud environments

• Preferred Experience:Strong Communications skills, experience conducting IR activities in hybrid environments, strong organization and time management skills, ability to leverage AI and automation to improve workflow processes

Disqualifiers:

About this Role:

This remote role acts as an incident coordinator to provide incident response support to the Digital Forensics and Incident Response (DFIR) team. The DFIR team is comprised of a team of Incident Response and Digital Forensic subject matter experts who swiftly respond to escalated incidents, investigate cybersecurity threats, safeguard cloud and on-premises assets, and drive improvements to the organization’s DFIR capabilities.

D2D Responsibilities:

As an incident coordinator, this role will support incident response (IR) activities within the organization. Incident coordinators partner with business units to accomplish Enterprise-wide containment, remediation and recovery actions and strategic initiatives. IR coordinators develop and drive the maturity of the DFIR team by establishing documentation and best practices and ensuring seamless cross-team communication. Incident coordinators leverage their knowledge of hybrid enterprise environments to help communicate and direct response activities through the incident response lifecycle.

Job Description:

Position Purpose:

Resolves security incidents, recommending enhancements to improve security, identifying common attack patterns to publicly exposed aspects of the organization's environment, and contributing to the implementation of scalable and preventative security measures. Executes enterprise-wide Incident Response Plan. Partners with business units to accomplish enterprise-wide remediation and develops and delivers presentations to senior leadership team.?

Education/Experience:

A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and Requires 4 – 6 years of related experience.

Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Technical Skills:

One or more of the following skills are desired.

Knowledge of Other: Tools, techniques and processes (TTP) used by threat actors

Knowledge of Other: Indicators of compromise (IOC)

Experience with Other: Endpoint protection and enterprise detection & response software (such as CrowdStrike or Carbon Black)

Knowledge of Other: Network and infrastructure technologies including routers, switches, firewalls, etc.

Soft Skills:

Intermediate - Seeks to acquire knowledge in area of specialty

Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions

Intermediate - Ability to work independently

Intermediate - Demonstrated analytical skills

Intermediate - Demonstrated project management skills

Intermediate - Demonstrates a high level of accuracy, even under pressure

Intermediate - Demonstrates excellent judgment and decision making skills

License/Certification:

SANS GIAC Security Essentials (GSEC), SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent, SANS GIAC Certified Incident Handler (GCIH) or equivalent? required

Responsibilities:

Reviews current configurations of the production information systems and networks against compliance standards

Prepares the prevention and resolution of security breaches and ensure incident and response management processes are initiated

Implements and discuss security service audit schedules, review access authorization, and perform the required access controls testing to identify security shortfalls

Designs of automated scripts, contingency plans, and other programmed responses which are launched when an attack against the company’s systems has been detected

Collaborates with Information Security Architects, Information Security Engineers, and software or hardware stakeholders

Notifies internal and/or external teams according to agreed alert priority levels, escalation trees, triaging of security alerts, events, and notifications

Ties third party attack monitoring services and threat reporting services, into internal CIRT (Cyber Incident Response Team) communications systems

Performs post-mortem analysis with logs, network traffic flows, and other recorded information to identify intrusions by unauthorized parties, as well as unauthorized activities of authorized users

Performs other duties as assigned

Complies with all policies and standards